
Problem port forwarding on Cisco 1800 series router/switch

FIFBA asked on
Routers, Hardware Firewalls, Cisco
I've set up dozens of Cisco firewalls but am having trouble getting the results I'm going for on this Cisco 1800 series router/switch. Obviously the syntax is a bit different and I feel I must be missing something.

All I need to do is port forward the following:

port 3389 to 192.168.1.3

I have a couple more to forward but for now I'd be happy to accomplish the above. Any help is appreciated.




version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$cCg.$4iOFs43rXXUwQhCITV6cz1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.19
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name alwan.net
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 pop3
!
!
crypto pki trustpoint TP-self-signed-3063514330
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3063514330
 revocation-check none
 rsakeypair TP-self-signed-3063514330
!
!
crypto pki certificate chain TP-self-signed-3063514330
 certificate self-signed 01
<data omitted>
 
  quit
username admin privilege 15 secret 5 $1$VBeH$7UASS5ABk.AN/mrg7LqTU/
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address x.x.x.205 255.255.255.252
 ip access-group 199 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 x.x.x.206
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet1 overload
ip nat inside source static tcp 192.168.1.3 3389 173.15.107.205 3389 extendable
!
logging trap warnings
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 68.87.77.130 eq domain any
access-list 101 permit udp host 68.87.72.130 eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any
access-list 199 permit tcp any eq 3389 any
access-list 199 permit tcp any eq 6200 any
access-list 199 permit tcp any eq 6100 any
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 
router#
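
An added example, not part of the original post or of any answer on the page: a small Python check that takes the static NAT forward from the posted configuration and the ACL bound inbound on the `ip nat outside` interface, and reports whether the forwarded port is matched in the destination position of a permit entry. The function names, verdict strings and the trimmed SAMPLE excerpt are constructed for illustration; only `eq` port matches are parsed, and entry order and deny lines are ignored.

```python
import re

# Constructed excerpt: only the NAT and ACL lines of the configuration posted above.
SAMPLE = """\
interface FastEthernet1
 ip access-group 199 in
 ip nat outside
ip nat inside source static tcp 192.168.1.3 3389 173.15.107.205 3389 extendable
access-list 199 permit tcp any eq 3389 any
"""

def take_addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    return tok[1:] if tok[:1] == ["any"] else tok[2:]

def take_port(tok):
    """Consume an optional 'eq PORT'; return (port or None, remaining tokens)."""
    return (tok[1], tok[2:]) if len(tok) >= 2 and tok[0] == "eq" else (None, tok)

def acl_entries(config):
    """Yield (acl, action, proto, src_port, dst_port) for numbered tcp/udp/ip entries."""
    pat = r"^access-list (\d+) (permit|deny)\s+(tcp|udp|ip) (.+)$"
    for acl, action, proto, rest in re.findall(pat, config, re.M):
        sport, tok = take_port(take_addr(rest.split()))
        dport, _ = take_port(take_addr(tok))
        yield acl, action, proto, sport, dport

def audit(config):
    """Return (proto, outside_port, acl, verdict) per static forward and outside ACL."""
    outside_acls = []
    for body in re.findall(r"^interface \S+\n((?:[ \t].*\n)*)", config, re.M):
        bound = re.search(r"ip access-group (\d+) in", body)
        if "ip nat outside" in body and bound:
            outside_acls.append(bound.group(1))
    fwd_pat = r"^ip nat inside source static (tcp|udp) \S+ \d+ \S+ (\d+)"
    findings = []
    for proto, port in re.findall(fwd_pat, config, re.M):
        for acl in outside_acls:
            permits = [e for e in acl_entries(config)
                       if e[0] == acl and e[1] == "permit" and e[2] in (proto, "ip")]
            # Inbound ACL runs before NAT: the outside port must match as destination.
            if any(e[4] == port or (e[3] is None and e[4] is None) for e in permits):
                verdict = "ok"
            elif any(e[3] == port for e in permits):
                verdict = "port-matched-as-source"
            else:
                verdict = "no-permit"
            findings.append((proto, port, acl, verdict))
    return findings
```

Calling `audit()` on the text of a saved `show running-config` returns one tuple per static forward; on the excerpt above the verdict is `port-matched-as-source`, because `eq 3389` follows the source `any` in the ACL 199 entry.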