
New Member

Cisco Router 871 port Forwarding

Hi everyone,

I am very new to Cisco routers; however, I have a big challenge.

I am using Server 2008 as the DHCP server.

Yep, I got ip helper-address 192.168.1.10 to work.

But now I can't get this port forwarding working.

I am trying to use 17501 as a workstation RDP. This workstation gets an IP from the Server 2008.

I tried so many things but still cannot get it to work.

Please help me here.

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname tarvos

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$qP3E$Vl5lZ7rVf/lMsV8epdO8X/

!

no aaa new-model

!

resource policy

!

clock timezone PCTime -8

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no ip source-route

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1 10.10.10.99

ip dhcp excluded-address 10.10.10.251 10.10.10.254

!

ip dhcp pool ccp-pool1

   import all

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

!

!

ip tcp synwait-time 10

no ip bootp server

no ip domain lookup

ip domain name yourdomain.com

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

crypto pki trustpoint TP-self-signed-3097238650

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3097238650

revocation-check none

rsakeypair TP-self-signed-3097238650

!

!

crypto pki certificate chain TP-self-signed-3097238650

certificate self-signed 01

  quit

username admin privilege 15 secret 5 $1$6SC2$T64uIRxP9y8.4vMg8DscX.

!

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

switchport trunk native vlan 2

switchport mode trunk

!

interface FastEthernet2

switchport mode trunk

!

interface FastEthernet3

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

ip address dhcp client-id FastEthernet4

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

!

interface Vlan2

ip address 192.168.1.1 255.255.255.0

ip helper-address 192.168.1.10

ip nat inside

ip virtual-reassembly

!

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source list NatVlan2 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.1.51 17501 interface FastEthernet4 17501

!

ip access-list standard NatVlan2

remark vlan2

remark CCP_ACL Category=2

permit 192.168.1.0 0.0.0.255

ip access-list standard vlan1

remark vlan1

remark CCP_ACL Category=1

permit 10.10.10.0 0.0.0.255

ip access-list standard vlan2

remark vlan2

remark CCP_ACL Category=1

permit 192.168.1.0 0.0.0.255

!

ip access-list extended rdp02

remark rdp02

remark CCP_ACL Category=1

permit tcp any eq 17501 host 192.168.1.51 eq 17501 established

!

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

no cdp run

!

!

!

!

control-plane

!

banner exec ^CC

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for  one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you

want to use.

-----------------------------------------------------------------------

^C

banner login ^CCAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

4 REPLIES

Re: Cisco Router 871 port Forwarding

Hi,

Try adding a static default route:

ip route 0.0.0.0 0.0.0.0 dhcp

Sent from Cisco Technical Support iPhone App

New Member

Re: Cisco Router 871 port Forwarding

Thanks for the reply.

I will try tomorrow morning.

New Member

Re: Cisco Router 871 port Forwarding

Hm.. I still can't make it work from outside to inside.

Are there any other ideas?

Re: Cisco Router 871 port Forwarding

Hi,

Configure the FE port where your PC is connected in access mode:

interface fast x

switchport access vlan 2

switchport mode access

Make sure you've got the Layer 2 VLAN configured:

871(config)#vlan 2

Kindly post your new running config, show vlan-switch, show ip interface brief and ping results to 192.168.1.10 and 192.168.1.51 from the 871.

Also post the ipconfig and ping to 192.168.1.1 and 192.168.1.10 output from your PC.

Sent from Cisco Technical Support iPhone App
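
The checks the replies ask for (a static default route, a switchport in access mode for VLAN 2), together with the NAT interface roles and whether an inbound ACL limits who can reach the forwarded port, can be run offline against a saved running-config. This is an added example, not code from the thread; the config excerpt is constructed from the posted one with indentation restored, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed excerpt mirroring the posted running-config (indentation restored).
SAMPLE_CONFIG = """\
interface FastEthernet1
 switchport trunk native vlan 2
interface FastEthernet4
 ip address dhcp client-id FastEthernet4
 ip nat outside
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 192.168.1.51 17501 interface FastEthernet4 17501
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in blocks}

def covers(cmds, host):
    """True if an 'ip address <addr> <mask>' sub-command's subnet contains host."""
    hits = (re.fullmatch(r"ip address (\d\S+) (\d\S+)", c) for c in cmds)
    return any(m and ipaddress.ip_address(host) in
               ipaddress.ip_interface("/".join(m.groups())).network for m in hits)

def audit_port_forwards(config):
    """Return findings for every static NAT port forward in the config."""
    ifs, findings = parse_interfaces(config), []
    rule = r"^ip nat inside source static (?:tcp|udp) (\S+) \d+ interface (\S+) (\d+)"
    for host, out_if, port in re.findall(rule, config, re.M):
        out_cmds = ifs.get(out_if, [])
        if "ip nat outside" not in out_cmds:
            findings.append(f"{out_if}: missing 'ip nat outside'")
        # Only 'ip access-group <acl> in' is checked; other firewall features are ignored.
        if not any(re.fullmatch(r"ip access-group \S+ in", c) for c in out_cmds):
            findings.append(f"{out_if}: no inbound ACL, port {port} reachable from any source")
        svi = next((n for n, cmds in ifs.items() if covers(cmds, host)), None)
        if svi is None:
            findings.append(f"{host}: no interface subnet contains this address")
            continue
        if "ip nat inside" not in ifs[svi]:
            findings.append(f"{svi}: missing 'ip nat inside'")
        access = f"switchport access vlan {svi.replace('Vlan', '')}"
        if not any(access in cmds for cmds in ifs.values()):
            findings.append(f"{svi}: no switchport in access mode for this VLAN")
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", config, re.M):
        findings.append("no static default route")
    return findings
```

Calling `audit_port_forwards(SAMPLE_CONFIG)` returns three findings for the excerpt: no inbound ACL on FastEthernet4, no access-mode switchport for Vlan2, and no static default route.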
