Cisco 837 port forwarding


Hi,

I'm trying to set up a Cisco 837 to have firewall, IPSec VPN to my office and port forwarding.

Using SDM I was able to first get the connection to the DSL provider, then using the VPN area set up the IPSec VPN. I then used the NAT area to set up port forwarding, but it does not appear to work. I think it must require the firewall/ACL area to be set up as well, but I thought the NAT tool would do the ACL automatically.

I have posted my setup; I would appreciate some pointers on what I should do to get it working.

regards, Mark

spremkumar Sun, 05/20/2007 - 19:23

Hi


Can you tell me which public IP address you are using to try to access your internal resources?


Since you have mapped interface dialer onto your LAN IPs, which public IP are you using to access the internal resources?


I feel the IP assignment by your SP to you is in a dynamic mode, which keeps changing whenever you get connected to the SP network, so in this case you won't have a single common public IP all the time to access your internal LAN resources.


My suggestion would be to get a public IP and map all your resources to that common IP so that it remains the same throughout.


regds


Hi,


I have a public static IP for my home network provided by the DSL provider. Call it xxx.xxx.xxx.5


I am trying to get port forwarding working on this public static IP.


I also need the IPSec VPN to my office to remain working and to permit traffic routing between my office and home networks.


regards

Mark


spremkumar Sun, 05/20/2007 - 20:03

Hi


Is it possible for you to assign the public IP address on your router?


Let's say you create a loopback interface and assign the IP to it.


Once you are done, you need to change the current mappings which you have done with your dialer interface to the loopback interface or to the IP address itself.


regds


spremkumar Sun, 05/20/2007 - 20:12

Hi Mark


I am trying to emphasize that the IP assignment from the SP is dynamic in nature and I don't think you will get the same IP every time.


Though you have done the config for port forwarding, I don't think you will have a defined IP address to use to access the internal LAN resources.


That's why I have suggested checking for a static one, so that you can have the same IP being used all the time whenever you want to access your LAN resources.


regds




spremkumar Sun, 05/20/2007 - 20:26

Hi Mark


If that's the case, why can't you reframe your NAT statements by using the static IP instead of interface dialer?


regds


spremkumar Sun, 05/20/2007 - 20:55

Hi Mark


The typical config will be like this:


ip nat inside source static tcp 192.168.2.24 3389 x.x.x.x 3389
ip nat inside source static tcp 192.168.2.23 1723 x.x.x.x 1723
ip nat inside source static tcp 192.168.2.23 443 x.x.x.x 443
ip nat inside source static tcp 192.168.2.23 80 x.x.x.x 80
ip nat inside source static udp 192.168.2.23 53 x.x.x.x 53
ip nat inside source static tcp 192.168.2.23 53 x.x.x.x 53
ip nat inside source static tcp 192.168.2.23 25 x.x.x.x 25


where x.x.x.x is the public static IP which you say you are getting from the SP.


You need to do a clear ip nat translation * in order to change the NAT config lines.


regds
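
An added example, not part of the thread or of anyone's posted configuration: the question raised in the first post, whether the NAT port forwards also need matching firewall/ACL entries, can be checked offline by cross-referencing each static NAT line against the inbound ACL on the outside interface. The sample config, ACL number 101 and address 203.0.113.5 are constructed; the script assumes the ACL is evaluated against the public address before NAT, and only understands numeric eq ports with an "any" source.

```python
import re

# Constructed sample, not from the thread. 203.0.113.5 is a documentation address.
SAMPLE_CONFIG = """\
interface Dialer0
 ip access-group 101 in
 ip nat outside
ip nat inside source static tcp 192.168.2.24 3389 203.0.113.5 3389
ip nat inside source static tcp 192.168.2.23 443 203.0.113.5 443
ip nat inside source static udp 192.168.2.23 53 203.0.113.5 53
ip nat inside source static tcp 192.168.2.23 25 interface Dialer0 25
access-list 101 permit tcp any host 203.0.113.5 eq 443
access-list 101 permit udp any host 203.0.113.5 eq 53
access-list 101 permit tcp any any eq 25
access-list 101 deny ip any any
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(interface \S+|\S+) (\d+)", re.M)
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (tcp|udp|ip) any "
                    r"(any|host \S+)(?: eq (\d+))?[ \t]*$", re.M)

def parse_forwards(config):
    """Return (proto, global_ip_or_None, global_port) per static port forward."""
    forwards = []
    for proto, _inside, _iport, glob, gport in NAT_RE.findall(config):
        # Interface form: the public address is not known from the config.
        gip = None if glob.startswith("interface ") else glob
        forwards.append((proto, gip, int(gport)))
    return forwards

def acl_verdict(config, acl, proto, gip, port):
    """First matching entry wins, as in IOS; fall through to the implicit deny."""
    entries = [e for e in ACL_RE.findall(config) if e[0] == acl]
    if not entries:
        return "undefined"          # ACL number has no entries in this config
    for _num, action, aproto, dst, eq in entries:
        if aproto not in ("ip", proto):
            continue
        if dst != "any" and dst != f"host {gip}":
            continue                # host entries cannot match interface-based forwards
        if eq and int(eq) != port:
            continue
        return action
    return "deny"                   # implicit deny at the end of every ACL

def audit(config, acl):
    return {(p, port): acl_verdict(config, acl, p, gip, port)
            for p, gip, port in parse_forwards(config)}
```

Calling audit(SAMPLE_CONFIG, "101") on the constructed sample shows the 3389 forward falling through to the final deny while the other three are permitted, which is the kind of NAT/ACL mismatch that leaves a forward configured but unreachable.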

