Andrew Neillans (Guest)
Posted: Sun Apr 16, 2006 5:27 pm    Post subject: Newbie Question; Cisco 837
Hi all,
I have a Cisco 837 that I'm having trouble getting Port Mapping working
as expected. My config is:
!
version 12.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname c830
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 Blah
!
username ajn privilege 15 secret 5 Blah
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
no aaa new-model
ip subnet-zero
ip domain name internal.neillans.co.uk
ip name-server 217.169.20.20
ip name-server 217.169.20.21
ip dhcp excluded-address 10.0.0.101 10.0.0.254
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 217.169.20.20 217.169.20.21
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
ip ssh version 2
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$FW_INSIDE$Local Network
 ip address 10.0.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 10
 !
 dsl operating-mode auto
!
interface Dialer0
 description $FW_OUTSIDE$Point-to-Point to AAISP Customer Aggregation
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip inspect DEFAULT100 out
 encapsulation ppp
 dialer pool 10
 ppp authentication chap callin
 ppp chap hostname blah
 ppp chap password 7 blah
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static 10.0.0.101 1.1.1.1 extendable
ip nat inside source static 10.0.0.102 2.2.2.2 extendable
ip nat inside source static 10.0.0.103 3.3.3.3 extendable
ip nat inside source static 10.0.0.104 4.4.4.4 extendable
ip nat inside source static 10.0.0.105 5.5.5.5 extendable
ip nat inside source static 10.0.0.106 6.6.6.6 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
ip http secure-server
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark BitTorrent
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 remark SSH to Dev
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 remark SSH to Router
access-list 101 permit tcp any any eq 22 log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
snmp-server community public RO
snmp-server enable traps tty
no cdp run
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 15 0
 login local
 transport preferred all
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
!
end
I am assigned a number of static IPs by my ISP (1.1.1.1 to 6.6.6.6 in
the above), alongside my standard static ADSL IP (200.200.200.200 in
the above). I have the additional static IPs mapped to internal IPs
via static NAT.
Also in the above, you can see that I have tried to map a number of
other ports (9991 and 9922) to other IPs on my network; however, these
are to be bound to the same public IP address as my ADSL connection.
But the above does not work, and I can't see why. 9922 and 9991
remain closed.
Anyone care to give me a pointer?
Regards,
Andy Neillans
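An added example, not part of the original post and not a Cisco tool: a small Python checker that cross-references the `ip nat inside source static ... interface Dialer0` forwards above against the permits on the inbound ACL applied to the outside interface (ACL 101 here). It assumes the caller supplies the public address behind each NAT interface name (Dialer0's address is negotiated, so it is not in the config), and the sample adds one hypothetical forward (10.0.0.109:80 to 8080) with no matching permit so that a mismatch is visible.

```python
import re
from typing import Dict, List, Set, Tuple

# 'ip nat inside source static <proto> <inside_ip> <inside_port> interface <if> <outside_port>'
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
# 'access-list <n> permit <proto> any host <public_ip> eq <port>' (numeric ports only;
# a trailing 'log' keyword is tolerated because match() only anchors the start)
ACL_RE = re.compile(r"^access-list (\d+) permit (tcp|udp) any host (\S+) eq (\d+)")

# Constructed sample: the forwards and ACL 101 permits from the post, plus one
# hypothetical forward (10.0.0.109:80 -> 8080) that no permit covers.
SAMPLE_CONFIG = """\
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.109 80 interface Dialer0 8080
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 deny ip any any log
"""

Forward = Tuple[str, str, int, str, int]  # proto, inside_ip, inside_port, iface, outside_port


def parse_forwards(config: str) -> List[Forward]:
    """Collect the interface-based static port forwards from a config dump."""
    found = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, ip, iport, iface, oport = m.groups()
            found.append((proto, ip, int(iport), iface, int(oport)))
    return found


def parse_permits(config: str, acl: str) -> Set[Tuple[str, str, int]]:
    """Collect (proto, public_ip, port) triples permitted by the numbered ACL."""
    permits = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl:
            permits.add((m.group(2), m.group(3), int(m.group(4))))
    return permits


def unpermitted_forwards(config: str, acl: str, iface_ip: Dict[str, str]) -> List[Forward]:
    """Forwards whose (proto, public_ip, outside_port) the ACL never permits.
    iface_ip maps a NAT interface name to the public address the ACL is written
    against (assumed input: Dialer0's address is negotiated, not in the config)."""
    permits = parse_permits(config, acl)
    return [f for f in parse_forwards(config)
            if (f[0], iface_ip.get(f[3]), f[4]) not in permits]


if __name__ == "__main__":
    for f in unpermitted_forwards(SAMPLE_CONFIG, "101", {"Dialer0": "200.200.200.200"}):
        print("no inbound permit for forward:", f)
```

Run against a real `show running-config` dump by reading it into `unpermitted_forwards` in place of `SAMPLE_CONFIG`; an empty result means every interface-based forward has a matching permit on that ACL.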