Cisco Support Community
Community Member

Routing

Hello,

I have a system with LAN IP where an application is running which will connect to a public server and download some files.

But I need to open a port 3306 for this.

The local LAN IP is 192.168.1.71

The public IP is 193.144.127.204

Port is 3306.

Can someone help me to open a port in the firewall?

To connect to the B2G database you (your computer settings, your personal firewall) and your institute (institutes firewall, providers network settings) has to permit outgoing tcp connections on port 3306.

Please help me with routing table.

Thanks

Tonio

10 REPLIES
Community Member

Re: Routing

Hello Tonio. What kind of firewall is it? Or what kind of device are you going through to get to this outside server?

Also, can you ping that outside server from your system? If yes, can you trace to the outside server from your system? If yes, can you telnet to port 3306 from your system? Thanks

telnet 193.144.127.204 3306

ping 193.144.127.204

tracert 193.144.127.204

Community Member

Re: Routing

Yes, I am able to PING. I use Cisco ASA5500.

Without firewall I am able to connect and work.

Need to know how to create an access list.

Thank you

George

Cisco Employee

Re: Routing

Hello,

Typically (unless you have configured exclusively), the firewall allows all outbound connections from the internal network. Please issue the following command to see if there is any rule configured on the inside interface:

show run access-group

If you do not find any access-group attached to the inside interface, then everything is allowed from inside to outside. If you did find an access-group attached to the inside interface, then please add a line to allow the port:

access-list line 1 permit tcp any host eq 3306

Hope this helps.

Regards,

NT

Community Member

Re: Routing

Thank you for the reply. Here is the group I have in my router:

access-group acl_out in interface outside
access-group acl_in in interface inside

Thanks

Tonio

Cisco Employee

Re: Routing

Hello,

Can you please post the output of "show run access-list acl_in" command here?

Regards,

NT

Community Member

Re: Routing

Once again, thanks a lot.

Here is the result

Thanks in advance

Tonio

Cisco Employee

Re: Routing

Hello,

Please try this command:

access-list acl_in line 1 permit tcp any host 193.144.127.204 eq 3306

Hope this helps.

Regards,

NT

Community Member

Re: Routing

It seems to be working.

Thank you so much.

Can you help me in one more thing?

I need to open a port 4444 in the firewall to access something on a public server.

Can you please give me the command?

Also I have my web server in DMZ.

But when users connect to the VPN they will not be able to browse the site. They always need to disconnect the VPN and access the server.

Is there any NATing I need to do for accessing the web server without disconnecting the VPN?

When I connect to VPN I get an IP range of 10.21.200.0

My server IP is 10.21.15.0

Thank you so much

Tonio

Cisco Employee

Re: Routing

Hello,

In order for you to access the public server on port 4444, please try the following command:

access-list acl_in line 2 permit ip any host eq 4444

With regard to VPN clients not able to access the webserver issue, please try the following:

access-list nonat_dmz permit ip 10.21.15.0 255.255.255.0 10.21.200.0 255.255.255.0

nat (dmz) 0 access-list nonat_dmz

Hope this helps.

Regards,

NT

Note: Please do not forget to rate the useful posts.

Community Member

Re: Routing

Thank you it is working.

Tonio
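
An added example, not part of the original thread and not Cisco tooling: a small Python check that parses access-list entries of the kind posted above and reports permits broader than the stated need (one client, 192.168.1.71, reaching one server port). The function names, the narrowed entry and the 198.51.100.10 address are constructed for illustration; only the `any`, `host A` and `A MASK` address forms with `eq` are handled.

```python
import ipaddress

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A MASK' at tok[i]; return (network or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(tok[i] + "/" + tok[i + 1]), i + 2

def parse_ace(line):
    """Parse one access-list entry; raise ValueError if it is incomplete or malformed."""
    tok = line.lower().split()
    try:
        if tok[0] != "access-list":
            raise ValueError("not an access-list line")
        name, i = tok[1], 2
        if tok[i] == "line":        # optional 'line N' position
            i += 2
        if tok[i] == "extended":    # optional keyword
            i += 1
        action, proto = tok[i], tok[i + 1]
        src, i = _addr(tok, i + 2)
        dst, i = _addr(tok, i)
        port = tok[i + 1] if i < len(tok) and tok[i] == "eq" else None
    except IndexError:
        raise ValueError("truncated entry: " + line) from None
    return {"name": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def audit(line):
    """Return least-privilege findings for a permit entry (empty list = nothing flagged)."""
    ace, out = parse_ace(line), []
    if ace["action"] != "permit":
        return out
    if ace["src"] is None:
        out.append("source any")
    if ace["dst"] is None:
        out.append("destination any")
    if ace["port"] is None and ace["proto"] in ("tcp", "udp"):
        out.append("no port restriction")
    if ace["port"] is not None and ace["proto"] not in ("tcp", "udp"):
        out.append("port operator without tcp/udp")
    return out

if __name__ == "__main__":
    posted = "access-list acl_in line 1 permit tcp any host 193.144.127.204 eq 3306"
    narrowed = "access-list acl_in line 1 permit tcp host 192.168.1.71 host 193.144.127.204 eq 3306"  # constructed
    for entry in (posted, narrowed):
        print(audit(entry) or "ok", "<-", entry)
```

An entry with no address after `host` raises `ValueError` from `parse_ace` instead of being audited.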
