Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.
configuring port forwarding on Cisco 5515 adsm v6.6
I am trying to create a port forwarder on a cisco firewall, basically 216.x.x.39:46611 -->10.10.3.7:9000
I have been trying different combinations and such for a couple of days and still can't get this to punch through. I know that 10.10.3.7:9000 works on the inside, I have tested it and it comes up
so far this is what I have
network objects
h-webint host 10.10.3.7
h-webext host 216.x.x.39
service objects
h-web tcp dest (1-65535) source 46611
h-webtrans tcp dest 9000 source (1-65535)
Nat rule
source int any destin interface outside
source addr any dest addr h-webext
service h-web
action:translated
source nat static dest addr h-webint
source addr --original-- service --original--
access rule
interface outside
permit
source any
dest h-webint
service h-webtran
I have been trying different combinations and such for a couple of days and still can't get this to punch through. I know that 10.10.3.7:9000 works on the inside, I have tested it and it comes up
so far this is what I have
network objects
h-webint host 10.10.3.7
h-webext host 216.x.x.39
service objects
h-web tcp dest (1-65535) source 46611
h-webtrans tcp dest 9000 source (1-65535)
Nat rule
source int any destin interface outside
source addr any dest addr h-webext
service h-web
action:translated
source nat static dest addr h-webint
source addr --original-- service --original--
access rule
interface outside
permit
source any
dest h-webint
service h-webtran
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
ok, I think I am following you, my command line ability is worse than my adsm.
So, my outside interface is called TWC and yes I am using a free ip from my pool of ips
I am trying what you posted, but I am getting an error message
Cisco>enable
password
Cisco# configure terminal
cisco(config)# object network internal_server
cisco(config-network-objec
I am getting an error message with the next command
cisco(config-network-objec
Error %invalid input detect at marker and the marker is the open (
As I said my command line knowledge is not great, I have tried backing up levels and I still get the same error.
So, my outside interface is called TWC and yes I am using a free ip from my pool of ips
I am trying what you posted, but I am getting an error message
Cisco>enable
password
Cisco# configure terminal
cisco(config)# object network internal_server
cisco(config-network-objec
I am getting an error message with the next command
cisco(config-network-objec
Error %invalid input detect at marker and the marker is the open (
As I said my command line knowledge is not great, I have tried backing up levels and I still get the same error.
so I changed the line to
nat (nas-main,twtc) static host 216.x.x.39 tcp 46611 9000
and now the pointer is saying error at the first number of the IP address
nat (nas-main,twtc) static host 216.x.x.39 tcp 46611 9000
and now the pointer is saying error at the first number of the IP address
this is becoming a tragedy.
I entered your command and it the error marker moved to tcp now
cisco(config-network-objec
I promise I am typing in what you are telling me to, I even retyped it twice
I entered your command and it the error marker moved to tcp now
cisco(config-network-objec
I promise I am typing in what you are telling me to, I even retyped it twice
:) If I doubt go to where the error is and type ?
the keyword 'service' needs entering.....
nat (nas-main,twtc) static 216.x.x.39 service tcp 46611 9000
Pete
the keyword 'service' needs entering.....
nat (nas-main,twtc) static 216.x.x.39 service tcp 46611 9000
Pete
that fixed the command problems but I am still unable to access the internal server from the outside. It occurred to me, maybe the problem is the url I am using https://216.x.x.39:46611.
Could it be the https?
so, I setup a 1 to 1 nat just trying to access the internal server via https on standard ports and I am able to do so, I just can't get the port 46611 to connect.
suggestions?
Could it be the https?
so, I setup a 1 to 1 nat just trying to access the internal server via https on standard ports and I am able to do so, I just can't get the port 46611 to connect.
suggestions?
I ran into some overall problems with the router and will re submit this question after they are resolved
thanks
thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2013… 214 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
object network Internal_Server
host 10.10.3.7
nat (inside,outside) static interface service tcp 46611 9000
access-list inbound permit tcp any object Internal_Server eq 46611
access-group inbound in interface outside
Assuming your inbound ACL is called inbound and your interfaces are called inside and outside.
If you public IP is not the outside interface i.e just another free IP then the config would look like this instead;
object network Internal_Server
host 10.10.3.7
nat (inside,outside) static host 216.x.x.39 tcp 46611 9000
access-list inbound permit tcp any object Internal_Server eq 46611
access-group inbound in interface outside
Regards
Pete