How do I open ports 25, 80, 443 & 987 on a cisco 857 router?

I am in the process of setting up a new Server with SBS 2008.  When setting up in SBS console I go into Network tab and then Connectivity tab and click on fix my network it comes up with the following error:

"Could not configure the router"
"The server cannot open ports on the router. Ensure the ports 80, 443 and 987 are opened and pointed the IP address on the server. If you are using email open port 25, and if you are using VPN, open port 1723."

I would like to open ports 25, 80, 443 and 987.  How do i do this in a simple step by step method please.  I have very basic cisco knowledge.  I have attached a copy of my current cisco config for your info.  Thanks.


Building configuration...

Current configuration : 6894 bytes
!
! Last configuration change at 14:45:09 Sydney Thu Apr 15 2010 by advantage
! NVRAM config last updated at 17:48:43 Sydney Tue Apr 13 2010 by FACULTY
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
no service dhcp
!
hostname TB_BB_Advantage
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
no logging console
enable secret 5 $1$FA8f$uIHyeG22zwdk/Fqxygv/E0
!
no aaa new-model
clock timezone Sydney 10
clock summer-time Sydney date Mar 30 2003 3:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1082782905
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1082782905
 revocation-check none
 rsakeypair TP-self-signed-1082782905
!
!
crypto pki certificate chain TP-self-signed-1082782905
 certificate self-signed 01
  3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31303832 37383239 3035301E 170D3032 30333031 31373538 
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30383237 
  38323930 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100C6FA E1D4219A 8893A90A 2C1324D2 1CE28BC7 2635EB25 477C9A67 1A2F3DDB 
  EC0E54D5 2DC4807D D5B546EE 0CB8A769 901DAF93 D04A49CF 45E2C8C7 FDBDD351 
  E8FD06F6 FB967D7B 87EA15CD EFF2F6C5 323D39F4 4A83BBFC 32B5FC79 818030AF 
  6BBFA424 A5B5A51D B269044A D59A6711 C9BF9B9A D1169266 44572ADB 95760D1E 
  AAB10203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D 
  0603551D 11042630 24822254 425F4242 5F416476 616E7461 67652E64 69726563 
  742E7465 6C737472 612E6E65 74301F06 03551D23 04183016 80149BF1 28C2F65C 
  92462793 90CCC74D 106C225E 5CCA301D 0603551D 0E041604 149BF128 C2F65C92 
  46279390 CCC74D10 6C225E5C CA300D06 092A8648 86F70D01 01040500 03818100 
  66529B38 59D232E5 DCBE33C6 B18AB36C 33221C69 B8A312DE 17CFF3BB 2FEBBE73 
  26E3700D ACCB3746 308C996F 1DD71F6D DF628041 3298D8D7 D933A34F 5A57BE74 
  688B9E0B 22DCEAF5 902C33D7 EF2D9090 FD42E2F0 2DFD17BA 1D1F68DF DD88C058 
  D8D1F7DA E80675CF 25A8B1AA 32A3D8D5 325246A8 284A11EF 59346126 FDDC56EB
  	quit
dot11 syslog
!
dot11 ssid Faculty WiFi
   authentication open 
   authentication key-management wpa optional
   guest-mode
   wpa-psk ascii 7 022005581E0A1B381D1A5841
!
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.150 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.109
!
ip dhcp pool CUSTOMER_LAN_POOL
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 203.50.2.71 139.130.4.4 
!
!
ip cef
no ip bootp server
ip domain name direct.telstra.net
ip name-server 203.50.2.71
ip name-server 139.130.4.4
!
!
!
username advantage privilege 15 secret 5 $1$ykUP$ZtUisdBY6G8UcGJVhCn/10
username facult0@direct.telstra.net privilege 15 secret 5 $1$.uwu$ZfOv/EK38FKvSmjBrs8S2.
username Faculty privilege 15 view root secret 5 $1$bxVr$yKl/FD4/409XWUUWCbn0Q.
! 
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto 
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip wep128 
 !
 ssid Faculty WiFi
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description CUSTOMER_LOCAL_LAN
 no ip address
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer0
 description ADSL Link FNN xxxxxxx$FW_INSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname facult0@direct.telstra.net
 ppp chap password 7 065559721C1D
!
interface BVI1
 description $FW_OUTSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 22 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.100 3389 interface Dialer0 40100
ip nat inside source static tcp 192.168.1.101 3389 interface Dialer0 40101
ip nat inside source static tcp 192.168.1.102 3389 interface Dialer0 40102
ip nat inside source static tcp 192.168.1.103 3389 interface Dialer0 40103
ip nat inside source static tcp 192.168.1.104 3389 interface Dialer0 40104
ip nat inside source static tcp 192.168.1.105 3389 interface Dialer0 40105
ip nat inside source static tcp 192.168.1.106 3389 interface Dialer0 40106
ip nat inside source static tcp 192.168.1.107 3389 interface Dialer0 40107
ip nat inside source static tcp 192.168.1.108 3389 interface Dialer0 40108
ip nat inside source static tcp 192.168.1.109 3389 interface Dialer0 40109
ip nat inside source static tcp 192.168.1.110 3389 interface Dialer0 40110
ip nat inside source static tcp 192.168.1.111 3389 interface Dialer0 40111
ip nat inside source static tcp 192.168.1.112 3389 interface Dialer0 40112
ip nat inside source static tcp 192.168.1.113 3389 interface Dialer0 40113
!
access-list 22 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 route ip
banner login ^C

***********************************************************************
* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes   *
*                       Act or State legislation                      *
*                                                                     *
* Please note, ALL CUSTOMER DETAILS are confidential and must         *
*                         not be disclosed.                           *
***********************************************************************
^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 2
 access-class 22 in
 login local
 transport input telnet
line vty 3 4
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window

fix-my-network-error.jpg
Billy_BoyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SteveNetwork ManagerCommented:

login to router via telnet.

enable
<enter enable password>

conf t
ip nat inside source static tcp <IP OF SBS Server> 987 interface Dialer0 987
ip nat inside source static tcp <IP OF SBS Server> 443 interface Dialer0 443
ip nat inside source static tcp <IP OF SBS Server> 80 interface Dialer0 80
ip nat inside source static tcp <IP OF SBS Server> 25 interface Dialer0 25
ip nat inside source static tcp <IP OF SBS Server> 1723 interface Dialer0 1723
exit


all done.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SteveNetwork ManagerCommented:
ohh forgot.. before you exit type :

wr mem

to write the changes to memory ;)

0
Billy_BoyAuthor Commented:
I have tried as above and all code is entered but SBS 2008 is still coming up with the same error.  Any thoughts?
Building configuration...

Current configuration : 7250 bytes
!
! Last configuration change at 17:37:28 Sydney Thu Apr 15 2010 by FACULTY
! NVRAM config last updated at 17:05:37 Sydney Thu Apr 15 2010 by FACULTY
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
no service dhcp
!
hostname TB_BB_Advantage
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
no logging console
enable secret 5 $1$FA8f$uIHyeG22zwdk/Fqxygv/E0
!
no aaa new-model
clock timezone Sydney 10
clock summer-time Sydney date Mar 30 2003 3:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1082782905
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1082782905
 revocation-check none
 rsakeypair TP-self-signed-1082782905
!
!
crypto pki certificate chain TP-self-signed-1082782905
 certificate self-signed 01
  3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31303832 37383239 3035301E 170D3032 30333031 31373538 
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30383237 
  38323930 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100C6FA E1D4219A 8893A90A 2C1324D2 1CE28BC7 2635EB25 477C9A67 1A2F3DDB 
  EC0E54D5 2DC4807D D5B546EE 0CB8A769 901DAF93 D04A49CF 45E2C8C7 FDBDD351 
  E8FD06F6 FB967D7B 87EA15CD EFF2F6C5 323D39F4 4A83BBFC 32B5FC79 818030AF 
  6BBFA424 A5B5A51D B269044A D59A6711 C9BF9B9A D1169266 44572ADB 95760D1E 
  AAB10203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D 
  0603551D 11042630 24822254 425F4242 5F416476 616E7461 67652E64 69726563 
  742E7465 6C737472 612E6E65 74301F06 03551D23 04183016 80149BF1 28C2F65C 
  92462793 90CCC74D 106C225E 5CCA301D 0603551D 0E041604 149BF128 C2F65C92 
  46279390 CCC74D10 6C225E5C CA300D06 092A8648 86F70D01 01040500 03818100 
  66529B38 59D232E5 DCBE33C6 B18AB36C 33221C69 B8A312DE 17CFF3BB 2FEBBE73 
  26E3700D ACCB3746 308C996F 1DD71F6D DF628041 3298D8D7 D933A34F 5A57BE74 
  688B9E0B 22DCEAF5 902C33D7 EF2D9090 FD42E2F0 2DFD17BA 1D1F68DF DD88C058 
  D8D1F7DA E80675CF 25A8B1AA 32A3D8D5 325246A8 284A11EF 59346126 FDDC56EB
  	quit
dot11 syslog
!
dot11 ssid Faculty WiFi
   authentication open 
   authentication key-management wpa optional
   guest-mode
   wpa-psk ascii 7 022005581E0A1B381D1A5841
!
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.150 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.109
!
ip dhcp pool CUSTOMER_LAN_POOL
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 203.50.2.71 139.130.4.4 
!
!
ip cef
no ip bootp server
ip domain name direct.telstra.net
ip name-server 203.50.2.71
ip name-server 139.130.4.4
!
!
!
username advantage privilege 15 secret 5 $1$ykUP$ZtUisdBY6G8UcGJVhCn/10
username facult0@direct.telstra.net privilege 15 secret 5 $1$.uwu$ZfOv/EK38FKvSmjBrs8S2.
username Faculty privilege 15 view root secret 5 $1$bxVr$yKl/FD4/409XWUUWCbn0Q.
! 
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto 
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip wep128 
 !
 ssid Faculty WiFi
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description CUSTOMER_LOCAL_LAN
 no ip address
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer0
 description ADSL Link FNN xxxxxxx$FW_INSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname facult0@direct.telstra.net
 ppp chap password 7 065559721C1D
!
interface BVI1
 description $FW_OUTSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 22 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.100 3389 interface Dialer0 40100
ip nat inside source static tcp 192.168.1.101 3389 interface Dialer0 40101
ip nat inside source static tcp 192.168.1.102 3389 interface Dialer0 40102
ip nat inside source static tcp 192.168.1.103 3389 interface Dialer0 40103
ip nat inside source static tcp 192.168.1.104 3389 interface Dialer0 40104
ip nat inside source static tcp 192.168.1.105 3389 interface Dialer0 40105
ip nat inside source static tcp 192.168.1.106 3389 interface Dialer0 40106
ip nat inside source static tcp 192.168.1.107 3389 interface Dialer0 40107
ip nat inside source static tcp 192.168.1.108 3389 interface Dialer0 40108
ip nat inside source static tcp 192.168.1.109 3389 interface Dialer0 40109
ip nat inside source static tcp 192.168.1.110 3389 interface Dialer0 40110
ip nat inside source static tcp 192.168.1.111 3389 interface Dialer0 40111
ip nat inside source static tcp 192.168.1.112 3389 interface Dialer0 40112
ip nat inside source static tcp 192.168.1.113 3389 interface Dialer0 40113
ip nat inside source static tcp 192.168.1.100 987 interface Dialer0 987
ip nat inside source static tcp 192.168.1.100 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.100 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.100 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.100 1723 interface Dialer0 1723
!
access-list 22 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 route ip
banner login ^C

***********************************************************************
* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes   *
*                       Act or State legislation                      *
*                                                                     *
* Please note, ALL CUSTOMER DETAILS are confidential and must         *
*                         not be disclosed.                           *
***********************************************************************
^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 2
 access-class 22 in
 login local
 transport input telnet
line vty 3 4
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

gvalsekCommented:
it sounds strange that SBS needs inbound connection from the internet....

an obvious question; can you surf the internet from the SBS server ? is your DNS/Active Directory server configured ?
0
SteveNetwork ManagerCommented:
the commands i gave you before open those ports so that machines on the internet can access your SBS server as required..

the error you are seeing is fine.. its saying that Windows cant access or configure the router but thats ok because you've now done it..

it says please make sure that it is configured .. (which it is).. so just press next..

0
Billy_BoyAuthor Commented:
gvalsek - yes the server can access the internet and the dns are setup.

psychofelix - i will take your answer as being complete.  Thanks.  The wizard still comes up with an error.

THe reason for me finding this error is that I am trying to complete the setting up task of connecting to the internet. When it asks me to enter the domain name i have to enter it manually as our domain is a .com.au.  When i do enter our whole domain and click next it comes up with an error.  I will have to look into this further.  Any clues to this problem would be appreciated.
0
SteveNetwork ManagerCommented:
you need to use a companyname.local (not .com.au)

0
OmarSenussiCommented:
Hi Quick question.. Do these commands also work for a Cisco PIX?
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.