?
Solved

Cisco 804 and EchoLink - Port forwarding to any computer

Posted on 2005-03-27
7
Medium Priority
?
447 Views
Last Modified: 2010-04-17
I need to configure my Cisco 804 router to accomplish the following:
"EchoLink requires that your router or firewall allow inbound and outbound UDP to destination ports 5198 and 5199, and outbound TCP to port 5200.  Source ports are dynamically assigned.  If you are using a home-network router, you will also need to configure the router to "forward" UDP ports 5198 and 5199 to the PC on which EchoLink is running."

Cisco connects to Verizon home ISDN.

Below is the current configuration. I tried adding lines such as:

Under interfaces Dialer1 and Ethernet0
ip access-group 122 out

And then I added:
access-list 122 permit udp any eq 5198 any
access-list 122 permit udp any eq 5199 any
access-list 121 permit udp any eq 5198 any
access-list 122 permit udp any eq 5199 any
access-list 122 permit tcp any eq 5200 any

When I try to do this, it locks up the route and I loose communications from the console or web. What do I change to make this happen so any computer in the inside can use these ports?

73/gus

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname yarcom
!
boot system flash:c800-y6-mw.121-3.XG6.bin
no logging buffered
enable secret 5
!
username yarcom password 7
!
!
!
!
!
dial-peer voice 1 pots
 call-waiting
 ring 0
 port 1
 destination-pattern #######
!
dial-peer voice 2 pots
 call-waiting
 ring 0
 port 2
 destination-pattern #######
!
pots country US
!
ip subnet-zero
no ip source-route
!
isdn switch-type basic-ni
!
!
!
interface Ethernet0
 ip address 192.168.13.1 255.255.255.0
 ip access-group 121 in
 no ip proxy-arp
 ip nat inside
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 ############# #######
 isdn spid2 ############# #######
 isdn incoming-voice modem
 compress mppc
 ppp authentication chap pap callin
 ppp multilink
!
interface Dialer1
 description ISP
 ip address negotiated
 ip access-group 121 in
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name Cisco1
 dialer pool 1
 dialer idle-timeout 70
 dialer string ####### class DialerClass
 dialer hold-queue 10
 dialer load-threshold 10 either
 dialer-group 1
 pulse-time 0
 ppp authentication chap pap callin
 ppp chap hostname yarcom
 ppp chap password 7
 ppp pap sent-username yarcom password 7
 ppp multilink
!
ip nat inside source list 18 interface Dialer1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 18 permit 192.168.13.0 0.0.0.255
access-list 121 deny   udp any eq netbios-dgm any
access-list 121 deny   udp any eq netbios-ns any
access-list 121 deny   udp any eq netbios-ss any
access-list 121 deny   tcp any eq 137 any
access-list 121 deny   tcp any eq 138 any
access-list 121 deny   tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
!
time-range TIME
 periodic daily 0:00 to 23:59
!
end
0
Comment
Question by:gklott
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 13643481
Access-list 121 will allow the necessary traffic, but you do need to setup two static NAT's for each port:

ip nat inside source static udp 192.168.13.x 5198 interface dialer1 5198
ip nat inside source static udp 192.168.13.x 5199 interface dialer1 5199

These two statements will forward the echolink traffic to the echolink PC on the inside network.  Specify the correct inside IP address (192.168.13.whatever) in the above statements for the EchoLink PC.
0
 

Author Comment

by:gklott
ID: 13643633
When I enter the statement above via telnet, it gets rejected.

ip nat inside source static udp 192.168.13.113 interface dialer1 5198
                                                             ^
% Invalid input detected at '^' marker.

(the maker is under the "i" in interface)

Suggestions?

73/gus
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 13643673
You left out the port number:

ip nat inside source static udp 192.168.13.113 5198 interface dialer1 5198
                                                                   ^^^
ip nat inside source static udp 192.168.13.113 5199 interface dialer1 5199
                                                                   ^^^
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:gklott
ID: 13643853
Thanks. Worked just as needed.

Now I have to do it on another system - same 804 and same config - except with DHCP inside with range 192.168.1.3 to 192.168.1.150. How would that be?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 13643895
Unfortunately, you can't, you'll have to manually change the statements above to direct the traffic to the destination PC in question.  Otherwise, you would need a public IP address per PC running EchoLink.
0
 

Author Comment

by:gklott
ID: 13644352
Thanks. That solved it.

73/gus
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1400 total points
ID: 13644706
Glad to here its working.  Can you close out the question now?
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question