Solved

NAT configuration on cisco 1941

Posted on 2011-03-01
5
1,391 Views
Last Modified: 2012-05-11
I am new in cisco, and I have one question about NAT. I have a 1941 router. I need to do port forwarding for TCP 2326-2365 and TCP/UDP 555-5560 from outside 63.100.100.1 to one of our internal server (IP 192.168.0.1). Please help me step by step how to do this. Also is it safe to open TCP/UDP 555-5560? It seems some Trojan are usng those ports. Thank you in advance.
0
Comment
Question by:weikiiro
5 Comments
 
LVL 13

Expert Comment

by:GuruChiu
ID: 35013578
You do mean 555-5560, not 5550-5560? The way Cisco implement port forwarding, you have to list the ports one by one. I do not aware a way to port forward a range. That means to forward port 555-5560 you need thousands of line. Pls confirm you indeed want 555 not 5550.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 35013665
So, based on the ports, I am presuming you're trying to make a Tandberg Classic Video Conferencing system available on the Internet to outside companies trying to make video calls to your company. (notes from http://www.vsgi.com/support/technical_faq.php)
So the following ports need to be opened in both directions:

TCP 1720
TCP 5555-5560
UDP 2326-2365

What version of the IOS are you running on the 1941?  We can crank out a configuration with explanations for you fairly quickly.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35014766
please show the whole config
0
 

Author Comment

by:weikiiro
ID: 35021202
Yes, we are trying to make a tanberg VC system available on the internet. I know how to open signal ports, but how can I open a range of ports?
TCP 1720
TCP 5555-5560
UDP 2326-2365

How can I find out my IOS? Thank you.
0
 
LVL 15

Accepted Solution

by:
WalkaboutTigger earned 500 total points
ID: 35021838
Here are my proposed changes:

name 192.168.0.1 Tandberg-Int
name 63.100.100.1 Tandberg-Ext
object-group service Tandberg-Ext-TCP tcp
 port-object eq h323
 port-object eq sip
 port-object range 5555-5560
object-group service Tandberg-Ext-UDP udp
 port-object eq sip
 port-object range 2326-2365
access-list outside_access_in extended permit udp any host Tandberg-Ext object-group Tandberg-Ext-UDP
access-list outside_access_in extended permit tcp any host Tandberg-Ext object-group Tandberg-Ext-TCP
static (inside,outside) Tandberg-Ext Tandberg-Int netmask 255.255.255.255
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey there Heard about jingle, the add on for XMPP that enables point to point audio between two XMPP clients. No server config necessary. Actually quite a cool feature. However, how good is it if you can not use those voice capabilities to do a P…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now