Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port Forwarding Cisco firewall

Hi,

In Cisco Firewall 2900 seires

trying to use port forwarding

but not communication please help me.

Reg

Manoj.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Port Forwarding Cisco firewall

Need more info, at least your running conf and what you're specifically doing

3 REPLIES
New Member

Port Forwarding Cisco firewall

Need more info, at least your running conf and what you're specifically doing

New Member

Re: Port Forwarding Cisco firewall

: Saved

: Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014

!

name 10.10.70.X.40 FinalPdf

name 201.256.x.x Youfinalip

interface Ethernet0/0

nameif YOUB

security-level 0

ip address 201.256.x.x.254.82 255.255.255.248

!

!

interface Ethernet0/2

nameif inside

security-level 100

ip address 10.10.70.X.1 255.255.255.0

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group service ftp tcp

port-object eq ftp

port-object eq ftp-data

port-object eq 14147

object-group service any tcp-udp

port-object range 1 65535

object-group service DM_INLINE_TCP_1 tcp

group-object ftp

port-object eq ftp-data

access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0

access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0

access-list inside_access_in extended deny object-group TCPUDP any any eq domain

access-list inside_access_in extended permit ip any any

access-list YOUB_mpc extended permit ip any any

access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive

access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp

pager lines 24

logging enable

logging emblem

logging asdm-buffer-size 512

logging buffered debugging

logging trap debugging

logging history debugging

logging asdm debugging

logging device-id hostname

logging debug-trace

logging ftp-bufferwrap

logging ftp-server 10.10.70.X.251 firwall/ firwall firwall

logging class auth trap emergencies asdm emergencies

mtu YOUB 1500

mtu SIFY 1500

mtu inside 1500

mtu WAN 1500

mtu management 1500

ip verify reverse-path interface YOUB

ip verify reverse-path interface inside

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-645.bin

asdm location Testpdf 255.255.255.255 inside

asdm history enable

arp timeout 14400

global (YOUB) 1 interface

global (SIFY) 1 interface

nat (inside) 0 access-list EXEMPT

nat (inside) 1 10.10.70.X.0 255.255.255.0 dns

static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255

access-group YOUB_access_in in interface YOUB

access-group inside_access_in in interface inside

route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1

route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10

route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1

route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

sla monitor 100

type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB

num-packets 3

frequency 10

sla monitor schedule 100 life forever start-time now

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

!

track 1 rtr 100 reachability

telnet timeout 5

ssh scopy enable

ssh 10.10.70.X.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username cisco password 3USUcOPFUiMCO4Jk encrypted

!

class-map YOUB-class

match access-list YOUB_mpc

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

description ftp

class inspection_default

  inspect dns preset_dns_map

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect ftp

class class-default

  ips inline fail-open

policy-map YOUB-policy

class YOUB-class

  ips inline fail-open sensor vs0

!

service-policy global_policy global

service-policy YOUB-policy interface YOUB

smtp-server 10.10.70.X.18

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:aace81256bc60bc50469f80cb0c4641a

: end

New Member

Port Forwarding Cisco firewall

Now can u tell me what is the problem.....

217
Views
0
Helpful
3
Replies
CreatePlease login to create content