
How do you setup Port forwarding on a Cisco2600

Status
Not open for further replies.

evh172

I am new to routers and am, to say the least, lost.
I have 2 servers at a remote location that is connected via a frame relay. I have internet access at site A via a DSL, and I need to get port 22 forwarded to 10.159.188.14 and port 3389 forwarded to 10.159.188.13. The software version on both routers is 12.0. Please help.
 
We will need to see the configs for the router, but you need to set up NAT. Then you can do a static port translation.
 
ip host Citris_Heights 10.159.100.22
ip host Paradise 10.159.100.90
ip host Marysville 10.159.100.38
ip host Lincoln 10.159.100.54
ip host Grass_Valley 10.159.100.26 10.159.100.250
ip host Newcastle 10.159.100.86

interface Ethernet0/0
ip address 62.225.12.230 255.255.255.248
ip access-group 101 out
ip directed-broadcast
ip nat outside
no ip route-cache
no ip mroute-cache
no cdp enable

interface Serial0/0.21 point-to-point
description Newcastle
bandwidth 4
ip address 10.159.100.85 255.255.255.252
no ip directed-broadcast
ip nat inside
ip summary-address eigrp 10 10.159.0.0 255.255.0.0
no ip route-cache
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 21
class 384kcir
interface FastEthernet1/0
ip address 10.159.140.1 255.255.255.0
ip access-group 103 in
no ip directed-broadcast
ip nat inside
no ip route-cache
no ip mroute-cache
no cdp enable
!
router eigrp 10
redistribute static
passive-interface Ethernet0/0
passive-interface FastEthernet1/0
network 10.0.0.0
no auto-summary
eigrp log-neighbor-changes
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 63.205.0.225
ip route 10.28.0.0 255.255.0.0 10.159.140.2 190
!

I need to go from 62.225.12.230 to the Newcastle interface, 2 different ports to 2 different IP addresses.
 
Try this:

ip nat inside source static tcp 10.159.188.14 22 interface Serial0/0.21 22 extendable


ip nat inside source static tcp 10.159.188.13 3389 interface Serial0/0.21 3389 extendable


You can use the extendable command only if your IOS has it. I don't use it because my IOS does have that command, but it works fine without it.
 
Is there a way to limit it so only a certain IP can reach it?
 
Yeah, an access-list. What IP do you want to give access?
 
I would like to have it restricted to 163.1731.181.133.
 
Sorry, had to fix one thing on the forwarding:

ip nat inside source static tcp 10.159.188.14 22 interface Ethernet0/0 22 extendable


ip nat inside source static tcp 10.159.188.13 3389 interface Ethernet0/0 3389 extendable


Just noticed that Ethernet0/0 is the outside interface.
 
I will need to see your access-list 101 and 103 because you have them applied to your interfaces with the ip access-group 101 out and ip access-group 103 in.
 
access-list 1 permit 10.159.0.0 0.0.255.255
access-list 101 deny ip any 10.0.0.0 0.255.255.25
access-list 101 permit ip any any
access-list 102 permit ip 10.159.135.0 0.0.0.255 an
access-list 102 permit ip 10.159.100.20 0.0.0.3 any
access-list 102 deny ip any any
access-list 103 deny udp any any eq netbios-ns
access-list 103 deny udp any any eq netbios-dgm
access-list 103 permit ip any any
access-list 104 permit ip 10.159.153.0 0.0.0.255 an
access-list 104 permit ip 10.159.100.64 0.0.0.3 any
access-list 104 deny ip any any
access-list 105 permit ip 10.159.180.0 0.0.0.255 an
access-list 105 permit ip 10.159.100.88 0.0.0.3 any
access-list 105 deny ip any any
access-list 106 permit ip 10.159.167.0 0.0.0.255 an
access-list 106 permit ip 10.159.100.56 0.0.0.3 any
access-list 106 deny ip any any
access-list 150 permit udp any any range 5000 5070
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any eq 5567
access-list 150 permit udp any eq 5567 any
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any eq 5570 any
access-list 150 permit udp any any eq 16384
access-list 150 permit udp any eq 16384 any
priority-list 1 protocol ip high list 150
 
OK, this will get you user internet access and only give access on those ports to only that IP:

access-list 101 permit tcp host 163.1731.181.133 host 62.225.12.230 eq 22
access-list 101 permit tcp host 163.1731.181.133 host 62.225.12.230 eq 3389
access-list 101 permit tcp any any established
access-list 101 permit udp any any


Apply it to Ethernet0/0 like this:

ip access-group 101 in



But you have to remove access-list 101 before.
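
Added example, not part of the original thread: a small Python model of first-match evaluation for the replacement access-list 101 posted above, applied inbound on Ethernet0/0, showing which entry decides each kind of packet. The permitted source 203.0.113.10 is a constructed placeholder, and the sample packets and the names `evaluate` and `audit` are assumptions made for illustration.

```python
import ipaddress

ADMIN = "203.0.113.10"    # constructed placeholder for the single permitted remote host
PUBLIC = "62.225.12.230"  # Ethernet0/0 address taken from the thread

# Entries in order: (action, proto, source, destination, dest port, established-only)
ACL_101 = [
    ("permit", "tcp", ADMIN, PUBLIC, 22, False),
    ("permit", "tcp", ADMIN, PUBLIC, 3389, False),
    ("permit", "tcp", "any", "any", None, True),
    ("permit", "udp", "any", "any", None, False),
]

def addr_match(rule_addr, pkt_addr):
    return rule_addr == "any" or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(pkt_addr)

def evaluate(acl, pkt):
    """First matching entry wins; return (action, entry index), or the implicit deny."""
    for i, (action, proto, src, dst, dport, est) in enumerate(acl):
        if proto != pkt["proto"]:
            continue
        if not (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        # "established" is a stateless test: the segment must carry ACK or RST
        if est and not set(pkt.get("flags", "")) & {"A", "R"}:
            continue
        return action, i
    return "deny", None  # implicit "deny ip any any" that ends every ACL

# Constructed sample packets arriving inbound on Ethernet0/0
SAMPLES = {
    "admin ssh syn": dict(proto="tcp", src=ADMIN, dst=PUBLIC, dport=22, flags="S"),
    "admin rdp syn": dict(proto="tcp", src=ADMIN, dst=PUBLIC, dport=3389, flags="S"),
    "other ssh syn": dict(proto="tcp", src="198.51.100.7", dst=PUBLIC, dport=22, flags="S"),
    "web reply syn-ack": dict(proto="tcp", src="192.0.2.80", dst=PUBLIC, dport=40000, flags="SA"),
    "unlisted udp": dict(proto="udp", src="198.51.100.7", dst=PUBLIC, dport=500),
    "icmp echo-reply": dict(proto="icmp", src="192.0.2.80", dst=PUBLIC),
}

def audit(acl=ACL_101, samples=SAMPLES):
    """Map each sample name to the (action, entry index) that decided it."""
    return {name: evaluate(acl, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, (action, idx) in audit().items():
        print(f"{name:18} {action:6} entry={idx}")
```

The run shows two things worth checking before applying the list: the `permit udp any any` entry admits UDP from any source to any port, and with no ICMP entry, ping replies to inside hosts fall through to the implicit deny.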

 