Solved

port forwarding rule not working cisco 837

Posted on 2008-10-15
6
303 Views
Last Modified: 2012-05-05
hi i am trying to port forward port 80 to my network drive that listens on this port.
can someone take a look at my config, it doesnt seem to be working.
the internal ip of the drive is 10.11.1.3 and i would like to access it from the outside for administrative purposes thanks...
Building configuration...
 
Current configuration : 5814 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$z9rX$ZH3myMhQ7t/j/Gb4bqOh.0
enable password password
!
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.11.1.1 10.11.1.99
!
ip dhcp pool Default
   import all
   network 10.11.1.0 255.255.255.0
   dns-server 194.72.0.114 62.6.40.162 
   default-router 10.11.1.1 
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ips po max-events 100
no ftp-server write-enable
!
!
username admin privilege 15 view root secret 5 $1$r3GO$v2o3/79JBJjz2TJmKC2ya0
!
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key password address 90.x.x.x
crypto isakmp key password address 82.x.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
!
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 description Tunnel to90.x.x.x
 set peer 90.x.x.x
 set transform-set ESP-3DES-SHA 
 match address 102
crypto map SDM_CMAP_1 2 ipsec-isakmp 
 description Tunnel to82.x.x.x
 set peer 82.x.x.x
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES-SHA1 
 match address 104
!
!
!
interface Ethernet0
 description $FW_INSIDE$
 ip address 10.11.1.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address 213.x.x.x255.255.255.248
 ip access-group 101 in
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname 
 ppp chap password 0 
 crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static tcp 10.11.1.3 80 213.x.x.x80 extendable
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.11.1.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 213.120.112.136 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.12.1.0 0.0.0.255 10.11.1.0 0.0.0.255
access-list 101 permit udp host 82.x.x.x host 213.x.x.xeq non500-isakmp
access-list 101 permit udp host 82.x.x.x host 213.x.x.xeq isakmp
access-list 101 permit esp host 82.x.x.x host 213.120.112.140
access-list 101 permit ahp host 82.x.x.x host 213.120.112.140
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.11.1.0 0.0.0.255
access-list 101 permit udp host 90.x.x.x host 213.x.x.xeq non500-isakmp
access-list 101 permit udp host 90.x.x.x host 213.x.x.xeq isakmp
access-list 101 permit esp host 90.x.x.x host 213.120.112.140
access-list 101 permit ahp host 90.x.x.x host 213.120.112.140
access-list 101 deny   ip 10.11.1.0 0.0.0.255 any
access-list 101 permit icmp any host 213.x.x.xecho-reply
access-list 101 permit icmp any host 213.x.x.xtime-exceeded
access-list 101 permit icmp any host 213.x.x.xunreachable
access-list 101 permit tcp any host 213.x.x.xeq www
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.11.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 10.11.1.0 0.0.0.255 10.12.1.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 10.11.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.11.1.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.11.1.0 0.0.0.255 10.12.1.0 0.0.0.255
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 120 0
 password password
 login
 length 0
!
scheduler max-task-time 5000
end

Open in new window

0
Comment
Question by:Dan560
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 2

Author Comment

by:Dan560
ID: 22723035
this is the spec of the drive, i think what i am trying to should work
http://www.lacie.com/products/product.htm?pid=10994
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22723057
Your WAN interface access-list is blocking your attempt.

Add this:

conf t
ip access-list ext 101
no deny ip any any log
permit tcp any host 213.x.x.x eq 80
deny ip any any log
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22723074
Oops, sorry, didn't see you had the entry in your ACL...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Expert Comment

by:JFrederick29
ID: 22723098
From internal, can you access it on port 80?

You may need to disable the HTTP server on the router as it may conflict with your drive.

conf t
no ip http server   <--this of course disable HTTP access to the router (if you are using it)
0
 
LVL 2

Author Comment

by:Dan560
ID: 22723132
does SDM use http?
preferably i'd like to keep it.
I know the lacie can listen on port 443.

so shall i do this..?
conf t
ip access-list ext 101
no deny ip any any log
permit tcp any host 213.x.x.x eq 443
deny ip any any log

how to I configure the nat route?
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22723143
Yes, SDM uses the HTTP server.  You can use 443 since the drive supports it.

Remove the 80 rule and add the 443 rule.

conf t
no ip nat inside source static tcp 10.11.1.3 80 213.x.x.x80 extendable
ip nat inside source static tcp 10.11.1.3 443 213.x.x.x 443 extendable
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month11 days, 7 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question