Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco Newbe Please help.....

Status
Not open for further replies.
golson

golson

MIS
Joined
Jan 22, 2002
Messages
27
Location
US
I have absolutly no experience with routers and my company switched ISP's and decided to purchace a Cisco router, have the new ISP set it up and then it would be up to me to manage it. I need to know how to open a port on the router so my internal clients can use a citrix ICA client app. I beleve the ports are TCP 1494 and UDP 1604. I have the enable password and can get in to configure but I have no idea where to go from here? Can someone walk me through this process?

Thanks in advance,

Golson
 
Sort by date Sort by votes
My knowlegde of configuring cisco devices isn't that extensive..
what you should do is look into setting up access lists to permit that particular port on your interface. the cisco website has lots of information on how to setup access lists.

Ryan

 
Upvote 0 Downvote
extended access lists, to be exact.

 
Upvote 0 Downvote
Still new on cisco.
try this one...

hope this will help.

access-list 100 permit tcp any any eq 1494
access-list 100 permit udp any any eq 1604

 
Upvote 0 Downvote
Are you doing any NAT'ing (Network Address Translation) to an IP address on your ISP's network?
 
Upvote 0 Downvote
Supply a "show access-list". Log onto router and access enable mode. The router sounds as though it is being used as a firewall device as well as gateway.
PS ensure you remove any outside IP addresses from any posts to prevent spotty kids hacking your system!
 
Upvote 0 Downvote
Access-lists have an implicit deny at the end of a line of statements. For example what marlon posted will only allow that specific traffic and all else will be denied. So what ever else is on the router can be important.
 
Upvote 0 Downvote
Here is what I get when I enter a show access-list from enable mode:

Standard IP access list 1
permit 192.168.X.X, wildcard bits 0.0.0.255

We are using NAT and do have some ports forwarded for incoming traffic e-mail ect... This app needs to go outside. Should I try the commands that marlon posted? Or do I need to do somthing else?
 
Upvote 0 Downvote
The reson I asked about NAT is that Citrix embeds the servers IP address in the packet pay-load. This can cause issues with NAT since the router only translates the IP headers.

There is a server patch and some documentation on it at (just type in NAT in the search field.)

You'll also need to apply the acl to an interface. But if your trying to filter at the port level you'll need to create an extended access list.. Here's an example from one of the router's we have:

ip access-list extended COMCAST
permit icmp any any echo
permit icmp any any echo-reply
permit tcp host 4.3.2.1 eq 0.0.3.255 gt 1023
...
permit tcp host 4.3.2.1 eq 443 1.2.3.0 0.0.3.255 gt 1023
.....
....
...

This ACL is allowing a specific address 4.3.2.1 on TCP port 80 and 443 to talk to the 1.2.3.0 255.255.252.0 network on any port greater than 1023. Notice that the subnet mask for network 1.2.3.0 is inverted. ACL's use inverse-masks to match subnets. There's a good IP Calc at -> Products and under Free Utilities. That will figure inverse masks. Also note that this ACL will deny all other traffic that is not listed. This is done by default.

You'll also need to apply the ACL to an interface. Example:

interface Serial0/0
ip access-group COMCAST in

There are two options for appling the ACL to an interface. in and out. Inbound (most common) is filtering traffic comming in on that interface. Out of couse filers outbound traffic. You'll have to be careful of the order which you write the ACL since depending how you apply the ACL dictates the function of the ACL (The ACL above would have to be written in reverse if applied as an outbound ACL)

To see if you are getting "hits" on the ACL issue the show ip access command. You should notice hit counters incrementing.

Hope this helps you out.
 
Upvote 0 Downvote
Thanks for the correction gaveeve. forgot about that one.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blackybear
  • Locked
  • Question Question
Cisco RV042G router
Replies
0
Views
326
Blackybear
Blackybear
Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
701
Jared R
Jared R
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
405
badwolf1686
B
pbxcomm
  • Locked
  • Question Question
CISCO VG450
Replies
1
Views
822
nt8d09
nt8d09
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
564
CPM86
CPM86

Part and Inventory Search

Sponsor

Back
Top