• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 692
  • Last Modified:

Cisco Port forward

I need some help configuring port forwarding on a Cisco 857.

I need to forward any address port 80 and 5901 to and inside address here is what i have so far, is this correct? it looks backwards to me.

ip nat inside source static tcp 192.168.2.10 80 interface Dialer0 80
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SomenameRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 mypassword
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1597199717
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certifi<wbr ></wbr><wbr ></wbr>cate-15971<wbr ></wbr>99717
 revocation-check none
 rsakeypair TP-self-signed-1597199717
!
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username admin privilege 15 secret 5 adminpassword
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-<wbr ></wbr><wbr ></wbr>HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address 192.1.x.x 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname 9999
 ppp chap password 0 ifs03ac1
 ppp pap sent-username 99999 password 0 999999
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.10 80 interface Dialer0 80
ip nat inside source static udp 192.168.2.10 1194 interface Dialer0 1194
ip nat inside source static udp 192.168.2.10 1196 interface Dialer0 1196
ip nat inside source static tcp 192.168.2.10 22 interface Dialer0 22
ip nat inside source static udp 192.168.2.10 153 interface Dialer0 153
ip nat inside source static udp 192.168.2.10 181 interface Dialer0 181
ip nat inside source static tcp 192.168.2.10 30022 interface Dialer0 30022
ip nat inside source static tcp 192.168.2.10 1194 interface Dialer0 1194
ip nat inside source static tcp 192.168.2.10 1196 interface Dialer0 1196
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

SomenameRouter(config)#

Open in new window

0
hoshie329
Asked:
hoshie329
  • 2
1 Solution
 
jon1966Commented:
This looks correct.  Is it not working?
0
 
dusanm011Commented:
Well for starter I do not see line saying "ip nat inside source static tcp 192.168.2.10 5901 interface Dialer0 5901".

 
Second, what is the issue saying that default route points to inside?

- ip route 0.0.0.0 0.0.0.0 Vlan1


Shouldn’t it be pointing on outside interface?

Regards.
0
 
jon1966Commented:
My comment concerning that it is correct is in response to the question if the format is correct, which it is.  

ip route 0.0.0.0 0.0.0.0 should point to the outside.
0
 
hoshie329Author Commented:
thanks, i overlooked the route issue
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now