09-06-2014 03:51 AM - edited 03-04-2019 11:42 PM
Help, I want to port forward using my static IP 10.10.10.2 3389 and 10.10.10.2 1167. I am a newbie at Cisco, please show me what command I will use. Help, guys :(
no service pad
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname ********
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0
enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/
enable secret 5 $1$plq6$P5HVL/tR81cs0GFDrD.0V/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
clock timezone KSA 3 0
!
crypto pki trustpoint TP-self-signed-1682106276
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1682106276
revocation-check none
rsakeypair TP-self-signed-1682106276
!
!
crypto pki certificate chain TP-self-signed-1682106276
certificate self-signed 02
quit
ip cef
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.11.1
!
ip dhcp pool lan
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
!
ip dhcp pool wireless
import all
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
!
!
!
no ip domain lookup
ip domain name aamal.net.sa
ip name-server 212.93.192.4
ip name-server 212.93.192.5
no ipv6 cef
!
!
cwmp agent
enable download
enable
session retry limit 10
management server password 7 **************************
management server ****************************
!
license udi pid C887VA-W-E-K9 sn FCZ174491US
!
!
archive
log config
hidekeys
username k privilege 15 password 7 **********************
username admin privilege 15 password 7 **********************
!
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group aamalnet
key aamalnet
dns 212.93.192.4 212.93.192.5
include-local-lan
dhcp server 10.10.10.1
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group aamalnet
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 60
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
!
bridge irb
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
bridge-group 2
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname **********************************
ppp chap password 7 ******************************
no cdp enable
!
interface BVI2
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 212.93.196.0 0.0.0.255
access-list 23 permit 212.93.192.0 0.0.0.255
access-list 23 permit 212.93.193.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
snmp-server community private RW
snmp-server community public RO
!
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
privilege interface level 5 encapsulation
privilege interface level 5 description
privilege interface level 5 no encapsulation
privilege interface level 5 no description
privilege interface level 5 no
privilege configure level 5 ip route
privilege configure level 5 interface
privilege configure level 5 controller
privilege configure level 5 ip
privilege exec level 5 copy running-config tftp
privilege exec level 5 copy running-config
privilege exec level 5 copy
privilege exec level 5 write memory
privilege exec level 5 write
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show processes cpu
privilege exec level 5 show processes
privilege exec level 2 show running-config
privilege exec level 5 show configuration
privilege exec level 2 show
privilege exec level 5 clear counters
privilege exec level 5 clear
!
line con 0
privilege level 15
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 2
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end
09-06-2014 10:16 AM
Hi,
This will do the trick:
ip nat inside source static tcp 10.10.10.2 3389 interface dialer 0 3389
ip nat inside source static tcp 10.10.10.2 1167 interface dialer 0 1167
Now your Dialer0 IP address will port forward ports 3389 and 1167 to your internal IP 10.10.10.2.
JJ
09-07-2014 10:07 PM
Hello, thanks for your reply, Mr. JJ.
I put these commands into my program:
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 3389 interface Dialer0 3389
ip nat inside source static tcp 10.10.10.2 1167 interface Dialer0 1167
When I check my port at http://www.canyouseeme.org/, I see that my port is not blocked.
However, why can I not access it using <public ip address>:3389 and <public ip address>:1167? I am unable to connect from outside :(
Is there a problem here?
Pro  Inside global     Inside local      Outside local  Outside global
tcp  **********        10.10.10.2:1167   ---            ---
tcp  ***********:3389  10.10.10.2:3389   ---            ---
Regards.
09-07-2014 10:07 PM
Hi,
You can telnet to the outside IP to the ports and then check if the router is natting correctly.
telnet 78.93.183.246 1167
at the same time:
#sh ip nat transla | i 1167
Do you see the nat translation there? If you can see the outside local and global IP, that means that the router is forwarding the traffic but maybe your internal server is not replying.
You can install Wireshark on the server in order to see if you are receiving the queries.
JJ
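The check described in the reply above, as an added example that is not part of the original post: it parses `show ip nat translations` output captured while a test connection is running and reports whether the router is translating the forwarded port. The sample table is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample of `show ip nat translations` output (documentation
# addresses, not values from the thread). The first row is a live session
# created by an inbound connection; the "---" rows are the static entries.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1167  10.10.10.2:1167    198.51.100.7:51514 198.51.100.7:51514
tcp 203.0.113.10:1167  10.10.10.2:1167    ---                ---
tcp 203.0.113.10:3389  10.10.10.2:3389    ---                ---
"""

# One translation row: protocol followed by four address columns.
ROW = re.compile(r"^(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
KEYS = ("proto", "inside_global", "inside_local",
        "outside_local", "outside_global")


def parse_translations(text):
    """Return one dict per tcp/udp row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(dict(zip(KEYS, m.groups())))
    return rows


def diagnose(text, inside_local):
    """Classify a forwarded port by its rows for inside_local ("ip:port")."""
    rows = [r for r in parse_translations(text)
            if r["inside_local"] == inside_local]
    if not rows:
        # The `ip nat inside source static` line is missing or different.
        return "no-static-entry"
    if any(r["outside_global"] != "---" for r in rows):
        # Outside addresses are filled in: the router is translating, so
        # look at the inside host (host firewall, listening service).
        return "router-forwarding"
    # Only the static entry exists: no inbound packet reached NAT.
    return "no-inbound-traffic"


if __name__ == "__main__":
    for target in ("10.10.10.2:1167", "10.10.10.2:3389"):
        print(target, diagnose(SAMPLE, target))
```
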
09-10-2014 11:55 AM
I figured it out now, it's my firewall that is responsible for this. Thanks for your help, JJ.
10-19-2014 08:47 AM
Hi Mr. JJ, thanks for your reply.
I put telnet://**************:1167 into the browser.
Yes, telnet works, but since I'm using Windows Server 2008 R2, HyperTerminal is not available, so
it searches for a compatible program. But I want to use HTTP.
I don't know why the port is open but I am unable to connect?
Did I miss something in my config, or is it something with the firewall? (I disabled the firewall on my computer.)
I don't know what this Wireshark is, but I'll try it tomorrow.
Regards.