Attempting to configure for external access.

Unanswered Question
Jan 4th, 2008

Hello again,

First of all, thank you for the replies to my first question; I was able to get that issue resolved because of those replies.

My current issue: I am attempting to configure a Win 2003 server for PCAnywhere Access. I believe I have correctly configured for PCAnywhere access for its application ports as well as port forwarding, but I am having issues with external connectivity to the public WAN address on the router.

A few details of my setup. We are using a 2821 router, with an HWIC-D-9ESW switch. The WAN configuration is on the on-router ports. And this is an important detail: The router is connected, in turn, to a T-1 CSU/DSU, of which I had to create a static route to the T-1 CSU/DSU to establish internet connectivity.

At this point, externally, we cannot ping the public IP address which is configured on a 2821 WAN port, nor can I establish a connection via telnetting or a browser (for the SDM).

Furthermore, we cannot connect via PCAnywhere as well, and I suspect if I attempted to VPN, we will not be able to establish a connection. I think the issue is being able to "hit" the router's WAN port which is configured with the primary public IP address. I am not sure if this is due to ACL rules, the firewall, or the route between the WAN port and the connected CSU/DSU.

A basic outline of our topology

{Internet} --> [T-1 CSU/DSU] --> [2821 WAN port: x.x.x.145 address] ---> [10.x.x.2 server]

Thus, I'd like to see if there are any general config. rules of which I am perhaps missing. Also, I wanted to know the best way to configure the router to function with the CSU/DSU. We currently do have internet access from within the internal "cloud," but the main issue would be related to outside-to-inside access to the desired server and resources.

Also, is creating a static route, to the CSU/DSU, the best way to configure the "gateway" for the WAN connection?

I can show some running-config if necessary. I am still learning more about Cisco configuration, so any advice would be very helpful and appreciated! Thanks in advance.

~I.

mchin345 Thu, 01/10/2008 - 12:29

PCAnywhere uses ports 5631 (Data port or Transmission Control Protocol [TCP]) and 5632 (Status port or User Datagram Protocol [UDP]) to communicate. Therefore, these ports must be explicitly permitted on the device, so verify the device and its ACL.

keegan.holley Thu, 01/10/2008 - 17:20

It sounds like you are doing dynamic natting. In order for services to be reachable from the outside they will need to have a static nat configured. This is because the devices on the inside of the nat are only separated by source port. If the connection is started from the internet there is no definite internal host to match the flow to, so the router does not know where to send the traffic. You could configure a static nat based on port (i.e., ip nat inside source static tcp ...), but this would send all traffic on the PCAnywhere port to the same server. This may not be the intended configuration. The best thing to do would be to obtain a public IP block and attach it to a loopback and then use it to nat any devices that need to receive traffic initiated on the internet.
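
One way to check a saved running-config for the two things the replies above point at, a static NAT entry and an inbound ACL permit for each PCAnywhere port. This is an added example, not part of the thread or the poster's configuration. The sample config, its interface and ACL names, and all addresses are constructed assumptions, and the parser only handles `permit ... eq <port>` entries in a named extended ACL.

```python
import re

# Constructed sample, not the poster's config: 203.0.113.145 stands in for the
# WAN address, 10.0.0.2 for the server, 198.51.100.10 for a remote admin host.
# The inbound ACL runs before NAT, so it matches the public address.
PCANYWHERE = (("tcp", 5631), ("udp", 5632))  # ports named in the thread
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group WAN-IN in
 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.0.2 5631 interface GigabitEthernet0/0 5631
!
ip access-list extended WAN-IN
 permit tcp host 198.51.100.10 host 203.0.113.145 eq 5631
 permit udp host 198.51.100.10 host 203.0.113.145 eq 5632
 deny ip any any
"""

def static_nat_ports(config):
    """Map (proto, outside_port) -> inside host for static port forwards."""
    pat = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                     r"(?:interface \S+|\S+) (\d+)", re.M)
    return {(m[1], int(m[4])): m[2] for m in pat.finditer(config)}

def outside_acl(config):
    """Name of the inbound ACL on the 'ip nat outside' interface, or None."""
    for block in re.split(r"^!\s*$", config, flags=re.M):
        if re.search(r"^ ip nat outside", block, re.M):
            m = re.search(r"^ ip access-group (\S+) in", block, re.M)
            return m[1] if m else None
    return None

def acl_permits(config, name):
    """(proto, port) pairs allowed by 'permit ... eq N' lines of a named ACL."""
    body = re.search(rf"^ip access-list extended {re.escape(name)}\n((?: .*\n?)*)",
                     config, re.M)
    return {(m[1], int(m[2])) for m in re.finditer(
        r"^ permit (tcp|udp) .* eq (\d+)", body[1] if body else "", re.M)}

def audit(config, required=PCANYWHERE):
    """Per port: where the static NAT points and whether the WAN ACL allows it."""
    nat, acl = static_nat_ports(config), outside_acl(config)
    allowed = acl_permits(config, acl) if acl else None  # None: no inbound ACL
    return {f"{proto}/{port}": {
                "static_nat_to": nat.get((proto, port)),
                "acl_permits": allowed is None or (proto, port) in allowed}
            for proto, port in required}
```

The sample deliberately omits the UDP 5632 forward, so `audit(SAMPLE_CONFIG)` reports `static_nat_to: None` for `udp/5632` even though the ACL permits it.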
