Re: Cisco 1720 Question

Thanks for the quick response. I tried this earlier today and it caused
their internet to stop responding (?). Could that have something to do with
the access lists?

Anyway, here is their current run configuration.



Building configuration...

Current configuration : 1235 bytes

!

version 12.2

no parser cache

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

logging rate-limit console 10 except errors

enable secret 5 $1$JAC4$JimvcKDrpFPl7vLW5k.1G.

enable password ********

!

username Exec

memory-size iomem 25

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

!

no ip dhcp-client network-discovery

!

!

!

interface Ethernet0

ip address 172.16.2.210 255.255.0.0

ip nat outside

half-duplex

!

interface FastEthernet0

ip address 130.100.0.222 255.255.255.0 secondary

ip address 100.75.0.23 255.0.0.0

ip broadcast-address 0.0.0.0

ip nat inside

no ip route-cache

speed auto

half-duplex

!

ip nat inside source list 101 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.207

no ip http server

!

access-list 101 deny ip 100.0.0.0 0.0.0.255 130.100.0.0 0.0.0.255

access-list 101 deny ip 130.100.0.0 0.0.0.255 100.0.0.0 0.255.255.255

access-list 101 permit ip 100.0.0.0 0.255.255.255 any

access-list 101 permit ip 130.100.0.0 0.0.0.255 any

snmp-server community public RO

!

line con 0

line aux 0

line vty 0 4

password ********

login

!

end



The server we are trying to get to is at 130.100.0.100 and the firewall the
traffic will becoming in through is at 172.16.2.207. It then sends anything
coming in on port 5000 to 172.16.2.210, which it the IP of the 1720 on the
172.16.xxx.xxx subnet.

The command I ran was 'ip nat inside source static tcp 130.100.0.100 5000
172.16.2.207 5000 extendable'

Was this correct?

Thanks again.

"RobO" <rob@xxxxxxxxxxxxxxxxxx> wrote in message
news:muadnbo0roF69ZLeRVnysg@xxxxxxxxxxxxxxxxx
> Thomas E Petersen wrote:
>> Please forgive my ignorance, but I'm a total noob at Cisco and this
>> fell
>> into my lap. We have a location that has a Cisco 1720 that connects three
>> networks to a firewall. One of the clients, who had a server on one of
>> the
>> networks, wants to setup a VPN into their server on port 5000. I can get
>> this forwarded through our firewall and have pointed it at the gateway
>> address of the destination network (on the Cisco 1720).
>>
>> I had nothing to do with the setup of this router and I do know that
>> the
>> guy who did set it up only did so with the help of Cisco's tech support.
>> I
>> don't believe this is an option this time, as the router was installed in
>> 2001 and, as far as I know we have no service agreement on it. I do know
>> how
>> to into the router via Telnet and how to get it into configure mode, but
>> after that I'm lost. Can this router forward port 5000 (or any other
>> port)
>> to another network? If so, how would I do this?
>
> Hi!
>
> If the router is doing the NAT'ing then you should be able to setup a
> NAT/PAT translation on the box.
>
> "show run" will print out the configuration.
> If the config shows up "ip nat inside/outside" on the relevant
> interfaces then the router is doing the NAT;ing.
>
> A generic example of setting up a translation for TCP port 5000:
> "ip nat inside source static tcp INT-SERVER-IP 5000 EXT-ROUTER-IP 5000
> extendable"
>
> The other thing to check would be if there is any access-list in place
> (inbound on the external interface):
>
> Check to see if there are any "access-group" commands under any of the
> interfaces in the config and make of the access-group name.
>
> This will relate to an access-list that is either blocking/permitting
> specific traffic.
> It will have to be edited to include port 5000 for the traffic that you
> want to permit.
>
> Post your config if you get stuck.
>
> Rob



----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
.

Relevant Pages

  • Re: Cisco 760
    ... On the ports you are unsure about below, where it says Router, does it ... I can't think why the router requires Port 80 to allow Port 443 other than a ... Current Configuration ... PAT Multicast Summarization Netbios Spoofing/Left ...
    (microsoft.public.windows.server.sbs)
  • Re: probably an easy routing question, so please help
    ... plugged into the same gigabit switch as Server B in Block 2 and they ... from a 10Mb link to the router and the computers are both hooked into ... not run out the 10Mb port to the router with all of its traffic, ... nodes in the two networks you don't own. ...
    (comp.dcom.sys.cisco)
  • Re: One Gateway, Two Networks
    ... You could do this with a typical Internet router. ... It may be that the onlly WAN/Internet port on ... networks from one broadband gateway router? ... folders on our networks, but now we we'll be sharing, I'd rather set us up ...
    (microsoft.public.windowsxp.network_web)
  • Re: General Router Question(s)
    ... >> A WIRELESS INTERNET router will provide a wired port for connecting ... >> not allow access to the configuration pages over this port, ... > That depends on the router. ...
    (alt.os.linux.suse)
  • Re: Strange PC networking problem
    ... and make configuration changes. ... the fix was to completely delete the connection from the Networks ... It's no wonder you Mac advocates despise Windows. ... "Finally, I could use her computer to log in to the router, and make ...
    (comp.sys.mac.advocacy)