Cisco 877w Port Forward and Range of ports to internal server

Please help

I want to allow traffic from outside (public IP) to the inside host 192.168.11.4 (behind NAT). I tried many solutions, but none worked for me.

Thanks

Centria#show run

Building configuration...

Current configuration : 11363 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname Centria

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0

enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/

enable secret 5 $1$tBTd$QoiQ5U1IqCTpNw.lRJ3pU.

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authentication login sdm_vpn_xauth_ml_2 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

!

!

aaa session-id common

clock timezone KSA 3

!

crypto pki trustpoint TP-self-signed-3807521769

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3807521769

revocation-check none

rsakeypair TP-self-signed-3807521769

crypto pki certificate chain TP-self-signed-3807521769

certificate self-signed 01

dot11 syslog

!

dot11 ssid Centria-AamalNet

   vlan 1

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 06261C2B584D29485437

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.11.1

ip dhcp excluded-address 192.168.11.1

!

ip dhcp pool lan

   import all

   network 192.168.11.0 255.255.255.0

   default-router 192.168.11.1

   dns-server 212.xxx.192.xxx 212.xxx.192.xxx

   lease 0 2

ip domain name 212.xxx.192.xxx

ip name-server 212.xxx.192.xxx

ip name-server 212.xxx.192.xxx

!

!

!

username aamalnet privilege 2 password 7 0005120B055705031B

username aamalnoc privilege 5 password 7 011207095A07085F22

username aamalsup privilege 15 password 7 06421A311F5C3C5D5605

username cisco privilege 15 secret 5 $1$YkjU$Zt5xF6iIyhugtYm6h8Vh9.

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group aamalnet

key aamalnet

dns 212.93.xxx.4 212.93.xxx.5

include-local-lan

dhcp server 10.10.20.1

max-users 10

netmask 255.255.255.0

crypto isakmp profile sdm-ike-profile-1

   match identity group aamalnet

   client authentication list sdm_vpn_xauth_ml_2

   isakmp authorization list sdm_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto ipsec profile SDM_Profile1

set security-association idle-time 60

set transform-set ESP-3DES-SHA

set isakmp-profile sdm-ike-profile-1

!

!

archive

log config

  hidekeys

!

!

!

bridge irb

!

!

interface Tunnel1

description connected to 78.xxx.246.xxx

ip address 172.168.16.2 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.xxx.246.xxx

!

interface Tunnel2

description CONNECTED TO xxx@2MB

ip address 172.168.17.1 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.xxx.222.xxx

!

interface Tunnel3

description CONNECTED TO xxxxxxx@2MB

ip address 172.168.18.1 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.xxx.222.xxx

!

interface Tunnel4

description CONNECTED TO xxxxxx@2MB

ip address 172.168.19.1 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.xxx.211.xxx

!

interface Tunnel6

description CONNECTED TO 1xxxxx@2mb

ip address 172.16.22.1 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.93.204.163

!

interface Tunnel7

description CONNECTED TO xxxx@2mb

ip address 172.16.33.1 255.255.255.252

tunnel source 78.xxx.246.xxx

tunnel destination 78.xxx.204.xxx

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 0/35

  pppoe-client dial-pool-number 1

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1 type tunnel

ip unnumbered Dialer0

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile1

!

interface Dot11Radio0

no ip address

shutdown

!

encryption vlan 1 mode ciphers tkip

!

encryption mode ciphers tkip

!

ssid Centria-AamalNet

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

no ip address

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

bridge-group 1

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xxxx@8mb.aamal.net.sa

ppp chap password 7 051D243D251B662E4F5342

!

interface BVI1

ip address 78.xxx.190.xxx 255.255.255.252 secondary

ip address 192.168.11.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 192.168.12.0 255.255.255.0 Tunnel1

ip route 192.168.13.0 255.255.255.0 Tunnel2

ip route 192.168.14.0 255.255.255.0 Tunnel3

ip route 192.168.15.0 255.255.255.0 Tunnel4

ip route 192.168.16.0 255.255.255.0 Tunnel6

ip route 192.168.17.0 255.255.255.0 Tunnel7

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.11.4 3389 interface Dialer0 3389

ip nat inside source static tcp 192.168.11.4 5060 78.xxx.246.xxx 5060 extendable

ip nat inside source static udp 192.168.11.4 5060 78.xxx.246.xxx 5060 extendable

ip nat inside source static udp 192.168.11.4 5090 78.xxx.246.xxx 5090 extendable

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.11.0 0.0.0.255

access-list 1 permit 10.10.11.0 0.0.0.255

access-list 1 permit any

access-list 23 permit 212.xx.196.0 0.0.0.255

access-list 23 permit 212.xx.192.0 0.0.0.255

access-list 23 permit 212.xx.193.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.255

dialer-list 1 protocol ip permit

snmp-server community private RW

snmp-server community public RO

no cdp run

control-plane

bridge 1 protocol ieee

bridge 1 route ip
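
One way to review which inside services a configuration like the one above publishes through static NAT, and whether each rule points at an interface actually marked `ip nat outside`. This is an added example, not part of the original post; the sample config is constructed (203.0.113.10 stands in for the redacted public address), and the function names and the `ADMIN_PORTS` list are assumptions.

```python
import re

# Constructed sample shaped like the posted config; 203.0.113.10 is a
# documentation address standing in for the redacted public IP.
SAMPLE_CONFIG = """\
interface Dialer0
 ip address negotiated
 ip nat outside
interface BVI1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.11.4 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.11.4 5060 203.0.113.10 5060 extendable
ip nat inside source static udp 192.168.11.4 5090 203.0.113.10 5090 extendable
ip nat inside source static tcp 192.168.11.4 8080 interface Vlan1 8080
"""

STATIC_RE = re.compile(
    r"^[ \t]*ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)", re.M)
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}  # assumption: review list

def nat_roles(config):
    """Map interface name -> 'inside'/'outside' from its 'ip nat' sub-command."""
    roles, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"\s*interface (\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(r"\s*ip nat (inside|outside)\s*$", line)):
            roles[current] = m.group(1)
    return roles

def port_forwards(config):
    """List static port forwards with notes on what deserves a second look."""
    roles, found = nat_roles(config), []
    for proto, host, lport, iface, addr, gport in STATIC_RE.findall(config):
        notes = []
        if iface and roles.get(iface) != "outside":
            notes.append(f"{iface} is not an 'ip nat outside' interface")
        if int(lport) in ADMIN_PORTS:
            notes.append(f"{ADMIN_PORTS[int(lport)]} published; restrict sources")
        found.append({"proto": proto, "inside": f"{host}:{lport}",
                      "outside": f"{iface or addr}:{gport}", "notes": notes})
    return found

if __name__ == "__main__":
    for fwd in port_forwards(SAMPLE_CONFIG):
        print(fwd["proto"], fwd["outside"], "->", fwd["inside"], fwd["notes"])
```

Rules that name a fixed outside address rather than an interface are listed without an interface check, so compare that address by hand against what the outside interface has negotiated.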
