?
Solved

nat port 389 on a cisco 1841 router

Posted on 2011-10-10
4
Medium Priority
?
687 Views
Last Modified: 2012-06-21
I have a cisco 1841 router on my network that also acts as our firewall. I'm trying to allow port 389 (ldap) and forward it to an internal server so my external website can query active directory.

I set up following rule as #1 in my access-list (with xx.xx.xx.xx as my public IP address)

9 permit tcp any host  eq 389

And I set up the following for NAT
Pro Inside global      Inside local       Outside local      Outside global
tcp xx.xx.xx.xx:389    10.1.1.21:389      ---                ---

However when I cannot bind to my ldap server from the internet and when I run nmap on the router I get this

PORT      STATE  SERVICE
80/tcp    open   http
443/tcp   closed https
49157/tcp closed unknown

No port 389? Can someone help?

0
Comment
Question by:steiner470
  • 2
4 Comments
 
LVL 5

Expert Comment

by:Prashant Shrivastava
ID: 36945107
You need to define static rule here:

ip nat inside source static tcp <insert-internal-ip-address-here> 389 interface <external-interface> 389

Regards,
P
0
 

Author Comment

by:steiner470
ID: 36945662
@Prash - yes I did that already (thats why you can see that NAT entry in my table above).
0
 
LVL 15

Accepted Solution

by:
greg ward earned 2000 total points
ID: 36948362
firewall rules
ip inspect
could be on both extenal interface or internal.
the nat command should not require a reboot.

Greg
0
 

Author Closing Comment

by:steiner470
ID: 36952537
It was the firewall preventing it, thanks
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question