Re: Cisco 1720 Question



Thomas E Petersen wrote:
> Please forgive my ignorance, but I'm a total noob at Cisco and this fell
> into my lap. We have a location that has a Cisco 1720 that connects three
> networks to a firewall. One of the clients, who had a server on one of the
> networks, wants to set up a VPN into their server on port 5000. I can get
> this forwarded through our firewall and have pointed it at the gateway
> address of the destination network (on the Cisco 1720).
>
> I had nothing to do with the setup of this router and I do know that the
> guy who did set it up only did so with the help of Cisco's tech support. I
> don't believe this is an option this time, as the router was installed in
> 2001 and, as far as I know, we have no service agreement on it. I do know how
> to get into the router via Telnet and how to get it into configure mode, but
> after that I'm lost. Can this router forward port 5000 (or any other port)
> to another network? If so, how would I do this?

Hi!

If the router is doing the NAT'ing then you should be able to set up a
NAT/PAT translation on the box.

"show run" will print out the configuration.
If the config shows "ip nat inside/outside" on the relevant
interfaces then the router is doing the NAT'ing.

A generic example of setting up a translation for TCP port 5000:
"ip nat inside source static tcp INT-SERVER-IP 5000 EXT-ROUTER-IP 5000 extendable"

The other thing to check would be if there is any access-list in place
(inbound on the external interface):

Check to see if there are any "access-group" commands under any of the
interfaces in the config and make a note of the access-group name.

This will relate to an access-list that is either blocking/permitting
specific traffic.
It will have to be edited to include port 5000 for the traffic that you
want to permit.

Post your config if you get stuck.

Rob
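
The checks described in the reply above (NAT roles on the interfaces, the static translation, and the inbound access-list on the external interface) can be run against a saved "show run" before and after the change. This is an added example, not part of the original post; the sample config is constructed, the function names are hypothetical, and the ACL walk is simplified (numbered extended ACLs only, addresses and keywords such as "established" or "range" are not evaluated).

```python
import re
# Constructed sample "show run" excerpt (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
interface Serial0
 ip access-group 101 in
 ip nat outside
!
interface FastEthernet0
 ip nat inside
ip nat inside source static tcp 10.0.0.10 5000 192.0.2.1 5000 extendable
access-list 101 permit tcp any any eq 80
access-list 101 deny ip any any
"""

def parse_interfaces(config):
    """Map interface name -> NAT role and inbound access-group, if any."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"nat": None, "acl_in": None})
        elif not line.startswith(" "):
            cur = None  # left the interface block
        elif cur is not None:
            if m := re.fullmatch(r"ip nat (inside|outside)", line.strip()):
                cur["nat"] = m.group(1)
            elif m := re.fullmatch(r"ip access-group (\S+) in", line.strip()):
                cur["acl_in"] = m.group(1)
    return ifaces

def acl_permits_tcp_port(config, acl, port):
    """First-match walk of a numbered extended ACL; only a trailing 'eq PORT' is understood."""
    pat = rf"^access-list {re.escape(acl)} (permit|deny) (ip|tcp)\b(.*)$"
    for action, _proto, rest in re.findall(pat, config, re.M):
        eq = re.search(r"\beq (\d+)\s*$", rest)
        if eq is None or int(eq.group(1)) == port:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit(config, port):
    """Return the reasons TCP `port` would not reach the inside server."""
    ifaces, findings = parse_interfaces(config), []
    if not {"inside", "outside"} <= {i["nat"] for i in ifaces.values()}:
        findings.append("no ip nat inside/outside pair: router is not doing NAT")
    if not re.search(rf"^ip nat inside source static tcp \S+ {port} \S+ {port}\b", config, re.M):
        findings.append(f"no static translation for tcp/{port}")
    for name, i in ifaces.items():
        if i["nat"] == "outside" and i["acl_in"] and not acl_permits_tcp_port(config, i["acl_in"], port):
            findings.append(f"access-list {i['acl_in']} inbound on {name} does not permit tcp/{port}")
    return findings
```

An empty list from audit() means all three checks passed for that port; when adding the permit entry, scope it to the client's source address and the single destination port rather than "any any".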