
opening ports on a cisco router

Posted on 2007-10-05
Last Modified: 2010-04-17
I have two questions about Cisco router configuration. First, I need to open ports for a video conf unit NATed at my router. The ports I need to open are:

1719 udp and tcp

2326 through 2376 both udp and tcp

5555 through 5587 both udp and tcp

The video unit has a static NATed at the router. Should I do something like this:

access-list 100 permit udp any any eq 1719 and so on, or should I do access-list 100 permit tcp any host xxx.xxx.xxx.xxx (public IP) eq 1719

And how do I allow a range, say 5555 through 5587?

Second, how do I change speeds on my interfaces

 interf fa0/0 (it's set to auto)?

Thanks in advance
Question by:dwoodfie74
LVL 14

Expert Comment

by:bfason
ID: 20024143
Option b on the access list

for a range do access-list 100 permit udp any host xxx.xxx.xxx.xxx range 5555 5587

to change the speed it is
Interface fa0/0
 speed 100 (or 10)
 duplex full (or half)

Hope this helps
B

Author Comment

by:dwoodfie74
ID: 20036890
This is what I have. The static is NATed at the router with these ports open and I still cannot receive video and audio. Any ideas? Do I need to allow ports for my internal IP?

access-list 100 permit udp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 range 2326 2376
access-list 100 permit tcp any host 24.56.160.220 range 2326 2376
LVL 14

Accepted Solution

by:
bfason earned 1000 total points
ID: 20036923
Do you have anything allowing communication to the internal devices?

Author Comment

by:dwoodfie74
ID: 20037181
I can call and initiate a video session with no problem, but when they call me I can accept the call but I cannot see or hear them, but they can still hear and see me.

This is my current config:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cmhcrouter
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$GKTc$FYMaCHw4CFwM6FlHcCUO51
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.99
!
ip dhcp pool sdm-pool1
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
!
no ip bootp server
ip domain name cmha.ts1
ip name-server 24.56.133.69
ip name-server 24.56.133.70
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-3472870003
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3472870003
revocation-check none
rsakeypair TP-self-signed-3472870003
!
!
crypto pki certificate chain TP-self-signed-3472870003
certificate self-signed 01
quit
username djw privilege 15 secret 5 $1$fF06$tANxj.Jwj.KLfpXkuXlXp/
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 24.56.160.50 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 24.56.160.49
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map InternetNAT interface FastEthernet0/1 overload
ip nat inside source static 192.168.10.1 24.56.160.217
ip nat inside source static 192.168.10.6 24.56.160.218
ip nat inside source static 192.168.10.5 24.56.160.219
ip nat inside source static 192.168.10.20 24.56.160.220
ip nat inside source static 192.168.10.21 24.56.160.221
!
ip access-list extended InternetNAT
deny   ip host 192.168.10.1 any
deny   ip host 192.168.10.5 any
deny   ip host 192.168.10.20 any
deny   ip host 192.168.10.21 any
permit ip 192.168.10.0 0.0.0.255 any
!
logging trap debugging
access-list 100 permit udp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 range 2326 2376
access-list 100 permit tcp any host 24.56.160.220 range 2326 2376
no cdp run
route-map InternetNAT permit 10
match ip address InternetNAT
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end
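An added example, not part of the original thread or any poster's code: a small Python check that reads the access-list 100 entries from the configuration posted above, evaluates a packet against them with first-match and implicit-deny semantics, and lists where an ACL is actually referenced. The function names and the simplified entry grammar (only `permit|deny tcp|udp any host A.B.C.D eq/range`) are assumptions made for this example.

```python
import re

# Excerpt of the configuration posted above (interfaces, static NAT, ACL 100).
CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 24.56.160.50 255.255.255.252
 ip nat outside
ip nat inside source static 192.168.10.20 24.56.160.220
access-list 100 permit udp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 range 5555 5587
access-list 100 permit tcp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 eq 1719
access-list 100 permit udp any host 24.56.160.220 range 2326 2376
access-list 100 permit tcp any host 24.56.160.220 range 2326 2376
route-map InternetNAT permit 10
 match ip address InternetNAT
"""

ENTRY = re.compile(r"^access-list (\d+) (permit|deny) (tcp|udp) any host (\S+) "
                   r"(?:eq (\d+)|range (\d+) (\d+))$")
REFERENCE = re.compile(r"^\s*(?:ip access-group|access-class|match ip address) (\S+)")

def parse_acl(config, number):
    """Return (action, proto, dst, low, high) tuples for one numbered ACL."""
    entries = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) == str(number):
            low = int(m.group(5) or m.group(6))    # "eq N" is the range N..N
            high = int(m.group(5) or m.group(7))
            entries.append((m.group(2), m.group(3), m.group(4), low, high))
    return entries

def acl_decision(entries, proto, dst, port):
    """First match wins; IOS ends every ACL with an implicit deny."""
    for action, e_proto, e_dst, low, high in entries:
        if e_proto == proto and e_dst == dst and low <= port <= high:
            return action
    return "deny"

def acl_references(config, name):
    """List the config lines that actually apply the ACL somewhere."""
    return [l.strip() for l in config.splitlines()
            if (m := REFERENCE.match(l)) and m.group(1) == str(name)]
```

Run against the excerpt, `acl_references(CONFIG, 100)` returns an empty list: the entries exist, but no line in the posted configuration applies access-list 100 to an interface or line.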
