Solved

Cisco 1811 router Port forwarding

Posted on 2013-01-31
12
252 Views
Last Modified: 2014-11-15
Hello experts,

I have a cisco 1811 that I need to simply add a port forward to it to a server on the other side. I am not good with commands in cisco so a walk thru to add the ports would be much appreciated. I also have access to the CCP software to do it that way as well. thanks so much and let me know if you need anymore info.
0
Comment
Question by:kjamez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
12 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 38842381
0
 

Expert Comment

by:gaurav_mcp
ID: 38842470
ok

this is very simple
first define NAT inside and NAT outside on port
then you can define nat by this command
for example you want to send http request on port 8080 rather then port 80 from you internal user,and your user ip is 172.16.10.8
ip nat inside source static tcp 172.16.10.8 80 172.16.10.8 8080
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38842700
don't forget to do:

ip forward-protocol nd
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kjamez
ID: 38843515
thanks for the responses.

Do I run this command at the first prompt when I telnet into the router?  Thanks
0
 

Author Comment

by:kjamez
ID: 38843661
Let me be more descriptive. I need to forward port 3389 from the internet to an inside source listening on 3389. The cisco interface is fastethernet 1. I telneted to the router and logged in. I am at a cisco1811# prompt. What commands do I need to do?

I tried doing the above but still doesnt work. I may have done something wrong. Thanks again
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38843930
you need to define ACL for doing it so like this

ip access-list 100 permit ip any eq 3389 any eq 3389

then apply acl 100 to your desired interface.
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38844245
So that we can be more precise, post the router config but remove identifying information like usernames/passwords and full public ip addresses.
0
 

Author Comment

by:kjamez
ID: 38845955
Here is my config. thanks

Building configuration...

Current configuration : 38945 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco1811
!
boot-start-marker
boot system flash:c181x-advipservicesk9-mz.124-24.T.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 99999
no logging console
enable secret 5 $1$p1aJ$ce/t5Syl7lEp6SbrPJ775/
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec local_author local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
!
!
aaa session-id common
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3540080443
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3540080443
 revocation-check none
 rsakeypair TP-self-signed-3540080443
!
!
crypto pki certificate chain TP-self-signed-3540080443
 certificate self-signed 01
  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353430 30383034 3433301E 170D3038 31303139 31333037
  33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35343030
  38303434 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E123 303C9EDE F67626FB BF1FB27C 168450EE F0C43AE4 BFDD9E9E D7B0FD3F
  BE321D30 723BE3ED 416FB57C 8A381366 8B6994FB B6F10D43 9F89D86A 33E5292D
  60B20122 4BBA56C8 39DF5996 C4D00493 07A44568 C9F9BF3D 5281E4CC 967D62EB
  273C4E88 65B1112C 92BE8A61 9BC2A259 6AA7DD1F 5AE6B0C2 A903505D F77A2177
  89CF0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
  551D1104 1F301D82 1B436973 636F3138 31312E62 65727279 61766961 74696F6E
  2E636F6D 301F0603 551D2304 18301680 14A39EE7 A3F52660 E23FED50 CDD29C8E
  28A8AA5A F7301D06 03551D0E 04160414 A39EE7A3 F52660E2 3FED50CD D29C8E28
  A8AA5AF7 300D0609 2A864886 F70D0101 04050003 8181008C 5E9815BA B2DDA643
  23A5A45F 4690C35B D21767E8 FB5C62A9 8D0C1BEC 9C598B10 C9370926 02F331C6
  6BC0D1E5 EAFE88C7 4CE27F21 723F49B7 B924DD07 2C0007F5 36D0BD2A 01BE7F44
  C81AB6AD 2AF7D9B1 CFD27A18 D966B6D2 B60E12F7 67F5A31B 015A091C C5FA21AB
  9E841D7C 6DA4F8D2 1E70A4C6 C9BE6817 3D252FCA 34DE77
        quit
dot11 syslog
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.2.1 10.1.2.49
ip dhcp excluded-address 10.1.2.225 10.1.2.254
!
ip dhcp pool VLan2
   import all
   network 10.1.2.0 255.255.255.0
   domain-name mydomain.com
   dns-server 24.93.40.62 24.93.40.63
   default-router 10.1.2.1
!
!
ip cef
no ip bootp server
ip domain name mydomain.com
ip name-server 10.1.1.15
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret 5 $1$H.cL$WINBEp3w2v7jne0qePSRz/
username bagram password 7 121B000500125D
!
!
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 authentication pre-share
 group 2
!
crypto isakmp policy 4
 authentication pre-share
!
crypto isakmp client configuration group ba_vpn
 key password
 pool SDM_POOL_1
 netmask 255.255.255.0
!
crypto isakmp client configuration group ba_vpn2
 key password
 pool SDM_POOL_1
 acl 111
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA
!
crypto ipsec profile CiscoCP_Profile2
 set transform-set ESP-3DES-SHA1
!
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route remote-peer X.X.197.97
!
!
crypto map clientmap client authentication list ciscocp_vpn_xauth_ml_1
crypto map clientmap isakmp authorization list ciscocp_vpn_group_ml_1
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
 ip address X.X.197.100 255.255.255.248
 ip access-group 105 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 duplex auto
 speed auto
 snmp trap ip verify drop-rate
 crypto map clientmap
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
 switchport access vlan 2
!
interface FastEthernet9
 switchport mode trunk
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet1
 shutdown
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet1
 shutdown
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 10.1.1.3 255.255.255.0
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip local pool SDM_POOL_2 10.1.1.175 10.1.1.180
ip local pool SDM_POOL_1 10.1.3.1 10.1.3.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 X.X.197.97
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 110 interface FastEthernet1 overload
ip nat inside source static tcp 10.1.1.11 3389 10.1.1.11 3389 extendable
ip nat inside source static tcp 10.1.1.12 1521 X.X.197.100 1521 route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 10.1.1.12 1522 X.X.197.100 1522 route-map SDM_RMAP_3 extendable
ip nat inside source static tcp 10.1.1.12 1526 X.X.197.100 1526 route-map SDM_RMAP_2 extendable
ip nat inside source static tcp 10.1.1.11 3389 X.X.197.100 3389 route-map SDM_RMAP_5 extendable
!
ip access-list extended sdm_fastethernet1_out
 remark CCP_ACL Category=1
 permit tcp any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.1.2.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 10.1.1.0 0.0.0.255
access-list 4 remark SDM_ACL Category=2
access-list 4 permit 10.1.2.0 0.0.0.255
access-list 5 remark HTTP Access-class list
access-list 5 remark SDM_ACL Category=1
access-list 5 permit 10.1.1.0 0.0.0.255
access-list 5 deny   any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip X.X.197.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 24.93.41.126 eq domain host X.X.197.100
access-list 101 permit udp host 24.93.41.125 eq domain host X.X.197.100
access-list 101 permit tcp any host X.X.197.100 eq 1723
access-list 101 permit tcp any host X.X.197.100 eq smtp
access-list 101 permit tcp any host X.X.197.100 eq www
access-list 101 permit tcp any host X.X.197.100 eq pop3
access-list 101 permit tcp any host X.X.197.100 eq 1521
access-list 101 permit tcp any host X.X.197.100 eq 1522
access-list 101 permit tcp any host X.X.197.100 eq 1526
access-list 101 permit tcp any host X.X.197.100 eq 3389
access-list 101 permit tcp any host X.X.197.100 eq 5631
access-list 101 permit tcp any host X.X.197.100 eq 5641
access-list 101 permit udp any host X.X.197.100 eq 5642
access-list 101 permit udp any host X.X.197.100 eq 5632
access-list 101 permit tcp any host X.X.197.101 eq 3389
access-list 101 permit tcp any host X.X.197.101 eq 5631
access-list 101 permit udp any host X.X.197.101 eq 5632
access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
access-list 101 permit icmp any host X.X.197.100 echo-reply
access-list 101 permit icmp any host X.X.197.100 time-exceeded
access-list 101 permit icmp any host X.X.197.100 unreachable
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 deny   ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 permit udp any range 49152 53247 any range 49152 53247
access-list 103 permit tcp any range 1719 1720 any range 1719 1720
access-list 103 deny   ip X.X.197.96 0.0.0.7 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp any host X.X.197.101 eq 5632
access-list 104 permit tcp any host X.X.197.101 eq 5631
access-list 104 permit tcp any host X.X.197.101 eq 3389
access-list 104 permit udp any host X.X.197.100 eq 5642
access-list 104 permit tcp any host X.X.197.100 eq 5641
access-list 104 permit udp any host X.X.197.100 eq 5632
access-list 104 permit tcp any host X.X.197.100 eq 5631
access-list 104 permit tcp any host X.X.197.100 eq 3389
access-list 104 permit tcp any host X.X.197.100 eq 1723
access-list 104 permit tcp any host X.X.197.100 eq 1526
access-list 104 permit tcp any host X.X.197.100 eq 1522
access-list 104 permit tcp any host X.X.197.100 eq 1521
access-list 104 permit tcp any host X.X.197.100 eq pop3
access-list 104 permit tcp any host X.X.197.100 eq www
access-list 104 permit tcp any host X.X.197.100 eq smtp
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 permit icmp any host X.X.197.100 echo-reply
access-list 104 permit icmp any host X.X.197.100 time-exceeded
access-list 104 permit icmp any host X.X.197.100 unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any log
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark CCP_ACL Category=1
access-list 105 permit udp any host X.X.197.100 eq non500-isakmp
access-list 105 permit udp any host X.X.197.100 eq isakmp
access-list 105 permit udp any range 49152 53247 any range 49152 53247
access-list 105 permit tcp any range 1719 1720 any range 1719 1720
access-list 105 permit esp any host X.X.197.100
access-list 105 permit ahp any host X.X.197.100
access-list 105 permit udp any host X.X.197.101 eq 5632
access-list 105 permit tcp any host X.X.197.101 eq 5631
access-list 105 permit tcp any host X.X.197.101 eq 3389
access-list 105 permit udp any host X.X.197.100 eq 5642
access-list 105 permit tcp any host X.X.197.100 eq 5641
access-list 105 permit udp any host X.X.197.100 eq 5632
access-list 105 permit tcp any host X.X.197.100 eq 5631
access-list 105 permit tcp any host X.X.197.100 eq 3389
access-list 105 permit tcp any host X.X.197.100 eq 1723
access-list 105 permit tcp any host X.X.197.100 eq 1526
access-list 105 permit tcp any host X.X.197.100 eq 1522
access-list 105 permit tcp any host X.X.197.100 eq 1521
access-list 105 permit tcp any host X.X.197.100 eq pop3
access-list 105 permit tcp any host X.X.197.100 eq smtp
access-list 105 deny   ip 10.1.1.0 0.0.0.255 any
access-list 105 permit icmp any host X.X.197.100 echo-reply
access-list 105 permit icmp any host X.X.197.100 time-exceeded
access-list 105 permit icmp any host X.X.197.100 unreachable
access-list 105 deny   ip 10.0.0.0 0.255.255.255 any
access-list 105 deny   ip 172.16.0.0 0.15.255.255 any
access-list 105 deny   ip 192.168.0.0 0.0.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip host 0.0.0.0 any
access-list 105 deny   ip any any log
access-list 106 remark CCP_ACL Category=4
access-list 106 permit ip 10.1.1.0 0.0.0.255 any
access-list 106 permit ip 10.1.2.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=2
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.100
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.99
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.98
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.97
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.96
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.95
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.94
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.93
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.92
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.91
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.90
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.89
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.88
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.87
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.86
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.85
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.84
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.83
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.82
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.81
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.80
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.79
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.78
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.77
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.76
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.75
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.74
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.73
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.72
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.71
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.70
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.69
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.68
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.67
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.66
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.65
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.64
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.63
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.62
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.61
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.60
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.59
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.58
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.57
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.56
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.55
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.54
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.53
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.52
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.51
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.50
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.49
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.48
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.47
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.46
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.45
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.44
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.43
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.42
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.41
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.40
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.39
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.38
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.37
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.36
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.35
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.34
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.33
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.32
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.31
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.30
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.29
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.28
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.27
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.26
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.25
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.24
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.23
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.22
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.21
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.20
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.19
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.18
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.17
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.16
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.15
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.14
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.13
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.12
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.11
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.10
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.9
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.8
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.7
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.6
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.5
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.4
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.3
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.2
access-list 107 deny   ip host 10.1.1.12 host 10.1.3.1
access-list 107 permit tcp host 10.1.1.12 eq 1526 any
access-list 108 remark CCP_ACL Category=2
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.100
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.99
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.98
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.97
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.96
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.95
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.94
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.93
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.92
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.91
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.90
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.89
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.88
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.87
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.86
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.85
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.84
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.83
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.82
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.81
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.80
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.79
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.78
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.77
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.76
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.75
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.74
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.73
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.72
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.71
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.70
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.69
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.68
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.67
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.66
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.65
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.64
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.63
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.62
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.61
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.60
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.59
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.58
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.57
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.56
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.55
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.54
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.53
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.52
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.51
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.50
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.49
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.48
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.47
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.46
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.45
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.44
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.43
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.42
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.41
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.40
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.39
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.38
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.37
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.36
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.35
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.34
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.33
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.32
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.31
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.30
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.29
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.28
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.27
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.26
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.25
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.24
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.23
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.22
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.21
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.20
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.19
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.18
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.17
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.16
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.15
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.14
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.13
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.12
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.11
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.10
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.9
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.8
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.7
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.6
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.5
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.4
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.3
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.2
access-list 108 deny   ip host 10.1.1.12 host 10.1.3.1
access-list 108 permit tcp host 10.1.1.12 eq 1522 any
access-list 109 remark CCP_ACL Category=2
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.100
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.99
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.98
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.97
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.96
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.95
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.94
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.93
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.92
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.91
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.90
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.89
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.88
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.87
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.86
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.85
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.84
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.83
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.82
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.81
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.80
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.79
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.78
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.77
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.76
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.75
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.74
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.73
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.72
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.71
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.70
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.69
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.68
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.67
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.66
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.65
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.64
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.63
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.62
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.61
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.60
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.59
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.58
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.57
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.56
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.55
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.54
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.53
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.52
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.51
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.50
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.49
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.48
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.47
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.46
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.45
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.44
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.43
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.42
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.41
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.40
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.39
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.38
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.37
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.36
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.35
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.34
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.33
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.32
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.31
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.30
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.29
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.28
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.27
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.26
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.25
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.24
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.23
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.22
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.21
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.20
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.19
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.18
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.17
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.16
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.15
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.14
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.13
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.12
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.11
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.10
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.9
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.8
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.7
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.6
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.5
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.4
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.3
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.2
access-list 109 deny   ip host 10.1.1.12 host 10.1.3.1
access-list 109 permit tcp host 10.1.1.12 eq 1521 any
access-list 110 deny   ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 110 deny   ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
access-list 110 permit ip 10.1.2.0 0.0.0.255 any
access-list 110 deny   ip host 10.1.1.11 any
access-list 110 deny   tcp host 10.1.1.12 eq 1526 any
access-list 110 deny   tcp host 10.1.1.12 eq 1522 any
access-list 110 deny   tcp host 10.1.1.12 eq 1521 any
access-list 110 deny   tcp host 10.1.1.11 eq 3389 any
access-list 111 permit ip 10.1.1.0 0.0.0.255 any
access-list 111 permit ip 10.1.2.0 0.0.0.255 any
access-list 112 remark CCP_ACL Category=2
access-list 112 permit tcp host 10.1.1.11 eq 3389 any
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.100
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.99
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.98
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.97
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.96
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.95
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.94
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.93
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.92
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.91
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.90
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.89
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.88
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.87
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.86
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.85
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.84
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.83
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.82
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.81
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.80
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.79
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.78
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.77
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.76
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.75
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.74
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.73
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.72
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.71
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.70
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.69
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.68
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.67
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.66
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.65
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.64
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.63
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.62
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.61
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.60
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.59
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.58
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.57
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.56
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.55
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.54
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.53
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.52
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.51
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.50
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.49
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.48
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.47
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.46
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.45
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.44
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.43
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.42
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.41
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.40
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.39
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.38
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.37
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.36
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.35
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.34
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.33
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.32
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.31
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.30
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.29
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.28
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.27
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.26
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.25
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.24
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.23
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.22
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.21
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.20
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.19
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.18
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.17
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.16
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.15
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.14
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.13
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.12
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.11
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.10
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.9
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.8
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.7
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.6
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.5
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.4
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.3
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.2
access-list 112 deny   ip host 10.1.1.11 host 10.1.3.1
access-list 112 permit ip host 10.1.1.11 any
no cdp run

!
!
!
!
route-map SDM_RMAP_4 permit 1
 match ip address 109
!
route-map SDM_RMAP_5 permit 1
 match ip address 112
!
route-map SDM_RMAP_2 permit 1
 match ip address 107
!
route-map SDM_RMAP_3 permit 1
 match ip address 108
!
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 access-class 102 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
 

Author Comment

by:kjamez
ID: 38845968
The IP address 10.1.1.11 is the local address I need for 3389.
0
 
LVL 9

Accepted Solution

by:
Sandeep Gupta earned 500 total points
ID: 38858458
"Let me be more descriptive. I need to forward port 3389 from the internet to an inside source listening on 3389. The cisco interface is fastethernet 1. I telneted to the router and logged in. I am at a cisco1811# prompt. What commands do I need to do? "

you need to add follwoing line in acl 105

permit ip any eq 3389 host 10.1.1.11 eq 3389

"Do I run this command at the first prompt when I telnet into the router?  "

router(config)#ip forward-protocol nd

Also I don't like irregular ACL...in your acls you have done perimt, deny permit ..deny..
 
good practice is first do permit in your acl whatever you  want and then deny all.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question