
Cisco 804 and EchoLink - Port forwarding to any computer

Posted on 2005-03-27
Last Modified: 2010-04-17
I need to configure my Cisco 804 router to accomplish the following:
"EchoLink requires that your router or firewall allow inbound and outbound UDP to destination ports 5198 and 5199, and outbound TCP to port 5200.  Source ports are dynamically assigned.  If you are using a home-network router, you will also need to configure the router to "forward" UDP ports 5198 and 5199 to the PC on which EchoLink is running."

Cisco connects to Verizon home ISDN.

Below is the current configuration. I tried adding lines such as:

Under interfaces Dialer1 and Ethernet0
ip access-group 122 out

And then I added:
access-list 122 permit udp any eq 5198 any
access-list 122 permit udp any eq 5199 any
access-list 121 permit udp any eq 5198 any
access-list 122 permit udp any eq 5199 any
access-list 122 permit tcp any eq 5200 any

When I try to do this, it locks up the router and I lose communications from the console or web. What do I change to make this happen so any computer on the inside can use these ports?

73/gus

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname yarcom
!
boot system flash:c800-y6-mw.121-3.XG6.bin
no logging buffered
enable secret 5
!
username yarcom password 7
!
!
!
!
!
dial-peer voice 1 pots
 call-waiting
 ring 0
 port 1
 destination-pattern #######
!
dial-peer voice 2 pots
 call-waiting
 ring 0
 port 2
 destination-pattern #######
!
pots country US
!
ip subnet-zero
no ip source-route
!
isdn switch-type basic-ni
!
!
!
interface Ethernet0
 ip address 192.168.13.1 255.255.255.0
 ip access-group 121 in
 no ip proxy-arp
 ip nat inside
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 ############# #######
 isdn spid2 ############# #######
 isdn incoming-voice modem
 compress mppc
 ppp authentication chap pap callin
 ppp multilink
!
interface Dialer1
 description ISP
 ip address negotiated
 ip access-group 121 in
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name Cisco1
 dialer pool 1
 dialer idle-timeout 70
 dialer string ####### class DialerClass
 dialer hold-queue 10
 dialer load-threshold 10 either
 dialer-group 1
 pulse-time 0
 ppp authentication chap pap callin
 ppp chap hostname yarcom
 ppp chap password 7
 ppp pap sent-username yarcom password 7
 ppp multilink
!
ip nat inside source list 18 interface Dialer1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 18 permit 192.168.13.0 0.0.0.255
access-list 121 deny   udp any eq netbios-dgm any
access-list 121 deny   udp any eq netbios-ns any
access-list 121 deny   udp any eq netbios-ss any
access-list 121 deny   tcp any eq 137 any
access-list 121 deny   tcp any eq 138 any
access-list 121 deny   tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
!
time-range TIME
 periodic daily 0:00 to 23:59
!
end
Question by:gklott

Expert Comment

by:JFrederick29
ID: 13643481
Access-list 121 will allow the necessary traffic, but you do need to set up two static NATs for each port:

ip nat inside source static udp 192.168.13.x 5198 interface dialer1 5198
ip nat inside source static udp 192.168.13.x 5199 interface dialer1 5199

These two statements will forward the EchoLink traffic to the EchoLink PC on the inside network. Specify the correct inside IP address (192.168.13.whatever) in the above statements for the EchoLink PC.

Author Comment

by:gklott
ID: 13643633
When I enter the statement above via telnet, it gets rejected.

ip nat inside source static udp 192.168.13.113 interface dialer1 5198
                                                             ^
% Invalid input detected at '^' marker.

(the marker is under the "i" in interface)

Suggestions?

73/gus

Expert Comment

by:JFrederick29
ID: 13643673
You left out the port number:

ip nat inside source static udp 192.168.13.113 5198 interface dialer1 5198
                                                                   ^^^
ip nat inside source static udp 192.168.13.113 5199 interface dialer1 5199
                                                                   ^^^

Author Comment

by:gklott
ID: 13643853
Thanks. Worked just as needed.

Now I have to do it on another system - same 804 and same config - except with DHCP inside with range 192.168.1.3 to 192.168.1.150. How would that be?

Expert Comment

by:JFrederick29
ID: 13643895
Unfortunately, you can't; you'll have to manually change the statements above to direct the traffic to the destination PC in question. Otherwise, you would need a public IP address per PC running EchoLink.
0
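An added example (not part of the thread, and not code from Cisco or EchoLink): a small Python check over a saved router config that lists the static port forwards in the syntax shown above, compares them with the two UDP ports EchoLink needs, and flags a forward target that sits inside the DHCP range mentioned for the second site. `SAMPLE`, the address 192.168.1.20 and the tcp/8080 line are constructed for illustration, and the DHCP finding assumes that a host in the dynamic range can change address and leave the forward pointing at the wrong PC.

```python
import ipaddress
import re

# Static port-forward syntax used in the thread:
#   ip nat inside source static udp <inside-ip> <port> interface <if> <port>
STATIC_NAT = re.compile(
    r"ip nat inside source static (tcp|udp) (\d+\.\d+\.\d+\.\d+) (\d+)"
    r" interface (\S+) (\d+)$", re.IGNORECASE)

# Inbound forwards EchoLink needs, per the requirement quoted in the question.
ECHOLINK = {("udp", 5198), ("udp", 5199)}

# Constructed sample for the second site; 192.168.1.20 and the tcp/8080 line
# are made-up values for illustration, not taken from the thread.
SAMPLE = """\
ip nat inside source list 18 interface Dialer1 overload
ip nat inside source static udp 192.168.1.20 5198 interface Dialer1 5198
ip nat inside source static udp 192.168.1.20 5199 interface Dialer1 5199
ip nat inside source static tcp 192.168.1.20 8080 interface Dialer1 8080
"""


def parse_forwards(config):
    """Return (proto, inside_ip, inside_port, interface, outside_port) tuples."""
    out = []
    for line in config.splitlines():
        m = STATIC_NAT.match(line.strip())
        if m:  # lines missing a port (the rejected command) do not match
            proto, ip, iport, iface, oport = m.groups()
            out.append((proto.lower(), ipaddress.ip_address(ip),
                        int(iport), iface, int(oport)))
    return out


def audit(config, dhcp_first, dhcp_last):
    """List missing or extra forwards and EchoLink targets inside the DHCP range."""
    fwd = parse_forwards(config)
    exposed = {(p, op) for p, _, _, _, op in fwd}
    findings = [f"missing forward: {p}/{n}" for p, n in sorted(ECHOLINK - exposed)]
    findings += [f"extra forward: {p}/{n}" for p, n in sorted(exposed - ECHOLINK)]
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    targets = {ip for p, ip, _, _, op in fwd if (p, op) in ECHOLINK}
    if len(targets) > 1:
        findings.append("EchoLink ports forwarded to more than one inside host")
    findings += [f"target {ip} is in the DHCP range; give it a fixed address"
                 for ip in sorted(targets) if lo <= ip <= hi]
    return findings
```

Calling `audit(SAMPLE, "192.168.1.3", "192.168.1.150")` returns the extra tcp/8080 forward and the DHCP-range finding for 192.168.1.20.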
 

Author Comment

by:gklott
ID: 13644352
Thanks. That solved it.

73/gus

Accepted Solution

by:
JFrederick29 earned 1400 total points
ID: 13644706
Glad to hear it's working. Can you close out the question now?