Cisco 887 port forwarding

shabakat.innet
Level 1

Help, I want to port forward using my static IP 10.10.10.2 3389 and 10.10.10.2 1167. I am a newbie at Cisco, please show me what command I will use. Help, guys :(

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname ********

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0

enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/

enable secret 5 $1$plq6$P5HVL/tR81cs0GFDrD.0V/

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authentication login sdm_vpn_xauth_ml_2 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

!

!

!

!

!

aaa session-id common

clock timezone KSA 3 0

!

crypto pki trustpoint TP-self-signed-1682106276

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1682106276

 revocation-check none

 rsakeypair TP-self-signed-1682106276

!

!

crypto pki certificate chain TP-self-signed-1682106276

 certificate self-signed 02

                quit

ip cef

!

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.11.1

!

ip dhcp pool lan

 import all

 network 10.10.10.0 255.255.255.0

 default-router 10.10.10.1

 dns-server 212.93.192.4 212.93.192.5

 lease 0 2

!

ip dhcp pool wireless

 import all

 network 10.10.11.0 255.255.255.0

 default-router 10.10.11.1

 dns-server 212.93.192.4 212.93.192.5

 lease 0 2

!

!

!

no ip domain lookup

ip domain name aamal.net.sa

ip name-server 212.93.192.4

ip name-server 212.93.192.5

no ipv6 cef

!

!

cwmp agent

 enable download

 enable

 session retry limit 10

 management server password 7 **************************

 management server ****************************

!

license udi pid C887VA-W-E-K9 sn FCZ174491US

!

!

archive

 log config

  hidekeys

username k privilege 15 password 7 **********************

username admin privilege 15 password 7 **********************

!

!

!

!

!

controller VDSL 0

!

!

!

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

!

crypto isakmp client configuration group aamalnet

 key aamalnet

 dns 212.93.192.4 212.93.192.5

 include-local-lan

 dhcp server 10.10.10.1

 max-users 10

 netmask 255.255.255.0

crypto isakmp profile sdm-ike-profile-1

   match identity group aamalnet

   client authentication list sdm_vpn_xauth_ml_2

   isakmp authorization list sdm_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

 mode tunnel

!

crypto ipsec profile SDM_Profile1

 set security-association idle-time 60

 set transform-set ESP-3DES-SHA

 set isakmp-profile sdm-ike-profile-1

!

!

!

bridge irb

!

!

!

!

interface ATM0

 no ip address

 no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

 pvc 0/35

  pppoe-client dial-pool-number 1

 !

!

interface Ethernet0

 no ip address

 shutdown

!

interface FastEthernet0

 no ip address

!

interface FastEthernet1

 no ip address

!

interface FastEthernet2

 no ip address

!

interface FastEthernet3

 no ip address

!

interface Virtual-Template1 type tunnel

 ip unnumbered Dialer0

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile SDM_Profile1

!

interface Wlan-GigabitEthernet0

 description Internal switch interface connecting to the embedded AP

 switchport mode trunk

 no ip address

!

interface wlan-ap0

 description Embedded Service module interface to manage the embedded AP

 ip unnumbered Vlan1

!

interface Vlan1

 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

 ip address 10.10.10.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 ip tcp adjust-mss 1452

!

interface Vlan2

 no ip address

 bridge-group 2

!

interface Dialer0

 ip address negotiated

 ip mtu 1452

 ip nat outside

 ip virtual-reassembly in

 encapsulation ppp

 dialer pool 1

 dialer-group 1

 ppp authentication chap callin

 ppp chap hostname **********************************

 ppp chap password 7 ******************************

 no cdp enable

!

interface BVI2

 ip address 10.10.11.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 1 permit 10.10.11.0 0.0.0.255

access-list 23 permit 212.93.196.0 0.0.0.255

access-list 23 permit 212.93.192.0 0.0.0.255

access-list 23 permit 212.93.193.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.10.11.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

!

snmp-server community private RW

snmp-server community public RO

!

!

bridge 1 protocol ieee

bridge 1 route ip

bridge 2 protocol ieee

bridge 2 route ip

!

privilege interface level 5 encapsulation

privilege interface level 5 description

privilege interface level 5 no encapsulation

privilege interface level 5 no description

privilege interface level 5 no

privilege configure level 5 ip route

privilege configure level 5 interface

privilege configure level 5 controller

privilege configure level 5 ip

privilege exec level 5 copy running-config tftp

privilege exec level 5 copy running-config

privilege exec level 5 copy

privilege exec level 5 write memory

privilege exec level 5 write

privilege exec level 5 configure terminal

privilege exec level 5 configure

privilege exec level 5 show processes cpu

privilege exec level 5 show processes

privilege exec level 2 show running-config

privilege exec level 5 show configuration

privilege exec level 2 show

privilege exec level 5 clear counters

privilege exec level 5 clear

!

line con 0

 privilege level 15

 no modem enable

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport input all

 stopbits 1

line vty 0 4

 access-class 23 in

 privilege level 2

 transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 20000 1000

!

end

Accepted Solutions

Juan Ponce Dominguez
Cisco Employee

Hi,

 

This will do the trick:

 

  ip nat inside source static tcp 10.10.10.2 3389 interface dialer 0 3389
  ip nat inside source static tcp 10.10.10.2 1167 interface dialer 0 1167

 

Now your Dialer0 IP address will port forward ports 3389 and 1167 to your internal IP 10.10.10.2.

 

JJ

Hello, thanks for your reply, Mr. JJ.

I put this command into my program:

ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 3389 interface Dialer0 3389
ip nat inside source static tcp 10.10.10.2 1167 interface Dialer0 1167

When I check my port at http://www.canyouseeme.org/, I see that my port is not blocked.

However, why can I not access it using <public ip address>:3389 and <public ip address>:1167? Unable to connect from outside :(

Is there a problem here?

Pro Inside global      Inside local       Outside local      Outside global
tcp ********** 10.10.10.2:1167    ---                ---
tcp ***********:3389 10.10.10.2:3389    ---                ---

regards.

Hi,

 

You can telnet to the outside IP to the ports and then check if the router is natting correctly.

 

telnet 78.93.183.246 1167

at the same time:

#sh ip nat transla | i 1167

Do you see the nat translation there? If you can see the outside local and global IP, that means that the router is forwarding the traffic but maybe your internal server is not replying.

You can install Wireshark on the server in order to see if you are receiving the queries.

 

JJ
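The check described in the reply above, as an added example that is not part of the original thread: a Python script that reads `show ip nat translations` output and separates the always-present static rows from rows that carry an outside address. The sample output, the function names, and the addresses 198.51.100.7 (standing in for the Dialer0 address) and 203.0.113.50 (a remote client) are constructed for illustration.

```python
# Added example: interpret `show ip nat translations` output for a static port forward.
# SAMPLE is constructed; both public addresses are documentation-range placeholders.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 198.51.100.7:1167  10.10.10.2:1167    203.0.113.50:51514 203.0.113.50:51514
tcp 198.51.100.7:1167  10.10.10.2:1167    ---                ---
tcp 198.51.100.7:3389  10.10.10.2:3389    ---                ---
"""

FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")


def parse_translations(text):
    """Return one dict per translation row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have exactly five columns; the header splits into nine words.
        if len(parts) != len(FIELDS):
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def active_peers(text, inside_local):
    """Outside addresses with a live translation towards inside_local."""
    return [r["outside_global"] for r in parse_translations(text)
            if r["inside_local"] == inside_local and r["outside_global"] != "---"]


def diagnose(text, inside_local):
    """Classify what the table says about one forwarded host:port."""
    rows = [r for r in parse_translations(text) if r["inside_local"] == inside_local]
    if not rows:
        return "no static entry: the static NAT line for this port is not configured"
    if active_peers(text, inside_local):
        # Outside local/global are filled in: the router translated a real connection.
        return "router is translating: check the server and its firewall"
    # Only the permanent static row exists ('---' in both outside columns).
    return "static entry only: no outside connection has reached the router"


if __name__ == "__main__":
    for target in ("10.10.10.2:1167", "10.10.10.2:3389"):
        print(target, "->", diagnose(SAMPLE, target))
```

Run it against output captured while the telnet test is in progress; a capture taken with no connection attempt under way will always show only the static rows.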

 

I figured out now it's my firewall responsible for this. Thanks for your help, JJ.

Hi Mr. JJ, thanks for your reply.

I put telnet://**************:1167 into the browser.

Yes, telnet works, but since I'm using Windows Server 2008 R2, HyperTerminal is not available, so

it searches for a compatible program. But I want to use HTTP.

I don't know why the port is open but unable to connect?

Did I miss something in my config, or something with the firewall (I disabled the firewall on my computer)?

I don't know what this Wireshark is, but I'll try it tomorrow.

 

regards.

 
