Solved

NAT configuration on cisco 1941

Posted on 2011-03-01
5
1,390 Views
Last Modified: 2012-05-11
I am new in cisco, and I have one question about NAT. I have a 1941 router. I need to do port forwarding for TCP 2326-2365 and TCP/UDP 555-5560 from outside 63.100.100.1 to one of our internal server (IP 192.168.0.1). Please help me step by step how to do this. Also is it safe to open TCP/UDP 555-5560? It seems some Trojan are usng those ports. Thank you in advance.
0
Comment
Question by:weikiiro
5 Comments
 
LVL 13

Expert Comment

by:GuruChiu
ID: 35013578
You do mean 555-5560, not 5550-5560? The way Cisco implement port forwarding, you have to list the ports one by one. I do not aware a way to port forward a range. That means to forward port 555-5560 you need thousands of line. Pls confirm you indeed want 555 not 5550.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 35013665
So, based on the ports, I am presuming you're trying to make a Tandberg Classic Video Conferencing system available on the Internet to outside companies trying to make video calls to your company. (notes from http://www.vsgi.com/support/technical_faq.php)
So the following ports need to be opened in both directions:

TCP 1720
TCP 5555-5560
UDP 2326-2365

What version of the IOS are you running on the 1941?  We can crank out a configuration with explanations for you fairly quickly.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35014766
please show the whole config
0
 

Author Comment

by:weikiiro
ID: 35021202
Yes, we are trying to make a tanberg VC system available on the internet. I know how to open signal ports, but how can I open a range of ports?
TCP 1720
TCP 5555-5560
UDP 2326-2365

How can I find out my IOS? Thank you.
0
 
LVL 15

Accepted Solution

by:
WalkaboutTigger earned 500 total points
ID: 35021838
Here are my proposed changes:

name 192.168.0.1 Tandberg-Int
name 63.100.100.1 Tandberg-Ext
object-group service Tandberg-Ext-TCP tcp
 port-object eq h323
 port-object eq sip
 port-object range 5555-5560
object-group service Tandberg-Ext-UDP udp
 port-object eq sip
 port-object range 2326-2365
access-list outside_access_in extended permit udp any host Tandberg-Ext object-group Tandberg-Ext-UDP
access-list outside_access_in extended permit tcp any host Tandberg-Ext object-group Tandberg-Ext-TCP
static (inside,outside) Tandberg-Ext Tandberg-Int netmask 255.255.255.255
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VoIP and Data on single switch, with SonicWall 6 54
ASA - RV130 VPN tunnel, cannot pass traffic 8 48
logging buffered 8 38
Load Balancing 3 8
Hey there Heard about jingle, the add on for XMPP that enables point to point audio between two XMPP clients. No server config necessary. Actually quite a cool feature. However, how good is it if you can not use those voice capabilities to do a P…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now