We help IT Professionals succeed at work.

Port forwarding cisco 837

Dan560
Dan560 asked
on
906 Views
Last Modified: 2010-05-18
Hi

I want to configure my cisco 837 to forward ports 25,80,443, to my exhange server, but I am not sure what the commands are.
Comment
Watch Question

If i was you i would set "dmz" that would forward all the traffic (every port) to what ip address you want ie your server then let your server deal with it

Author

Commented:
what is dmz? I've heard of it.... is it safe to port forward all outside traffic to my server though?
Top Expert 2009

Commented:
You need to add static NAT entries and possibly access-list rules.  Can you post your configuration?  It will make it easier.

Author

Commented:



Password:
Router>en
Password:
Router#Show running-config
Building configuration...

Current configuration : 5187 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$OJik$j/nBnvxwOGhysHNfcr6uO/
enable password password
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.13.1.1 10.13.1.49
ip dhcp excluded-address 10.13.1.101 10.13.1.254
!
ip dhcp pool default

Router#
Router#
Router#
Router#Show running-config
Building configuration...

Current configuration : 5187 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$OJik$j/nBnvxwOGhysHNfcr6uO/
enable password password
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.13.1.1 10.13.1.49
ip dhcp excluded-address 10.13.1.101 10.13.1.254
!
ip dhcp pool default
   import all
   dns-server 62.24.128.17 62.24.128.18
!
ip dhcp pool steve
   network 10.13.1.0 255.255.255.0
   default-router 10.13.1.1
   dns-server 62.24.128.18
!
!
ip name-server 62.24.128.17
ip name-server 62.24.128.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Password address remote ip
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel toremote ip
 set peer remote ip
 set transform-set ESP-3DES-SHA
 match address 102
!
!
!
!
interface Ethernet0
 description $FW_INSIDE$
 ip address 10.13.1.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip tcp adjust-mss 1392
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address 62.24.X.X 255.255.255.252
 ip access-group 101 in
 ip nat outside
 ip inspect SDM_LOW out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@ecocallnet.co.uk
 ppp chap password 0 password
 ppp pap sent-userecocallnet.co.uk password 0 password
 crypto map SDM_CMAP_1
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 62.24.236.60 0.0.0.3 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.13.1.0 0.0.0.255
access-list 101 permit udp host remote ip host 62.24.X.X eq non500-isakmp
access-list 101 permit udp host remote ip host 62.24.X.X eq isakmp
access-list 101 permit esp host remote ip host 62.24.X.X
access-list 101 permit ahp host remote ip host 62.24.X.X
access-list 101 permit udp host 62.24.128.18 eq domain host 62.24.X.X
access-list 101 permit udp host 62.24.128.17 eq domain host 62.24.X.X
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 permit icmp any host 62.24.X.X echo-reply
access-list 101 permit icmp any host 62.24.X.X time-exceeded
access-list 101 permit icmp any host 62.24.X.X unreachable
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 permit icmp any host 62.24.X.X
access-list 101 deny   ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.13.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 10.13.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 120 0
 password Password
 login
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end

Router#
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
ip nat inside source static tcp "yourserverIP" 25 "yourpublicIP" 25
ip nat inside source static tcp "yourserverIP" 80 "yourpublicIP" 80
ip nat inside source static tcp "yourserverIP" 443 "yourpublicIP" 443

or

ip nat inside source static tcp "yourserverIP" 25 interface "yourinternetinterface" 25
ip nat inside source static tcp "yourserverIP" 80 "yourinternetinterface" 80
ip nat inside source static tcp "yourserverIP" 443 "yourinternetinterface" 443

And:

!The interface used by your server
interface XX
  ip nat inside

!The interface used by your internet connection
interface YY
  ip nat outside
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.