asked on Port forwarding cisco 837
Hi
I want to configure my cisco 837 to forward ports 25,80,443, to my exhange server, but I am not sure what the commands are.
I want to configure my cisco 837 to forward ports 25,80,443, to my exhange server, but I am not sure what the commands are.
Routers
Last Comment
dacselat
If i was you i would set "dmz" that would forward all the traffic (every port) to what ip address you want ie your server then let your server deal with it
ASKER
what is dmz? I've heard of it.... is it safe to port forward all outside traffic to my server though?
You need to add static NAT entries and possibly access-list rules. Can you post your configuration? It will make it easier.
ASKER
Password:
Router>en
Password:
Router#Show running-config
Building configuration...
Current configuration : 5187 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$OJik$j/nBnvxwOGhysHNfcr
enable password password
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.13.1.1 10.13.1.49
ip dhcp excluded-address 10.13.1.101 10.13.1.254
!
ip dhcp pool default
Router#
Router#
Router#
Router#Show running-config
Building configuration...
Current configuration : 5187 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$OJik$j/nBnvxwOGhysHNfcr
enable password password
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.13.1.1 10.13.1.49
ip dhcp excluded-address 10.13.1.101 10.13.1.254
!
ip dhcp pool default
import all
dns-server 62.24.128.17 62.24.128.18
!
ip dhcp pool steve
network 10.13.1.0 255.255.255.0
default-router 10.13.1.1
dns-server 62.24.128.18
!
!
ip name-server 62.24.128.17
ip name-server 62.24.128.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key Password address remote ip
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toremote ip
set peer remote ip
set transform-set ESP-3DES-SHA
match address 102
!
!
!
!
interface Ethernet0
description $FW_INSIDE$
ip address 10.13.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip tcp adjust-mss 1392
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
description $FW_OUTSIDE$
ip address 62.24.X.X 255.255.255.252
ip access-group 101 in
ip nat outside
ip inspect SDM_LOW out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@ecocallnet.co.uk
ppp chap password 0 password
ppp pap sent-userecocallnet.co.uk password 0 password
crypto map SDM_CMAP_1
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 62.24.236.60 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.13.1.0 0.0.0.255
access-list 101 permit udp host remote ip host 62.24.X.X eq non500-isakmp
access-list 101 permit udp host remote ip host 62.24.X.X eq isakmp
access-list 101 permit esp host remote ip host 62.24.X.X
access-list 101 permit ahp host remote ip host 62.24.X.X
access-list 101 permit udp host 62.24.128.18 eq domain host 62.24.X.X
access-list 101 permit udp host 62.24.128.17 eq domain host 62.24.X.X
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit icmp any host 62.24.X.X echo-reply
access-list 101 permit icmp any host 62.24.X.X time-exceeded
access-list 101 permit icmp any host 62.24.X.X unreachable
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit icmp any host 62.24.X.X
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.13.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 10.13.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 103
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 120 0
password Password
login
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end
Router#
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ip nat inside source static tcp "yourserverIP" 25 "yourpublicIP" 25
ip nat inside source static tcp "yourserverIP" 80 "yourpublicIP" 80
ip nat inside source static tcp "yourserverIP" 443 "yourpublicIP" 443
or
ip nat inside source static tcp "yourserverIP" 25 interface "yourinternetinterface" 25
ip nat inside source static tcp "yourserverIP" 80 "yourinternetinterface" 80
ip nat inside source static tcp "yourserverIP" 443 "yourinternetinterface" 443
And:
!The interface used by your server
interface XX
ip nat inside
!The interface used by your internet connection
interface YY
ip nat outside
ip nat inside source static tcp "yourserverIP" 80 "yourpublicIP" 80
ip nat inside source static tcp "yourserverIP" 443 "yourpublicIP" 443
or
ip nat inside source static tcp "yourserverIP" 25 interface "yourinternetinterface" 25
ip nat inside source static tcp "yourserverIP" 80 "yourinternetinterface" 80
ip nat inside source static tcp "yourserverIP" 443 "yourinternetinterface" 443
And:
!The interface used by your server
interface XX
ip nat inside
!The interface used by your internet connection
interface YY
ip nat outside