12-16-2011 04:59 PM - edited 03-04-2019 02:40 PM
I have to open several ports from the WAN to LAN on a 1921:
For example:
Say I need port 41795 both UDP and TCP to go from the WAN to the LAN, can someone provide me the context I have to follow?
Currently I have this in place
Another piece of this is that the devices that will need to be accessed remotely are on VLAN10 - will that cause a problem?
Thanks for any help, I appreciate it. This is installed at a clients home for a very complex Crestron network that included 5 Cisco POE GB switches, 2 VLANS, with VLAN10 utilizing QOS and is the AV network (VLAN1 is the computer network), 8 1142 WAP's, and this 1921.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.12.16 19:52:41 =~=~=~=~=~=~=~=~=~=~=~=
show run
Building configuration...
Current configuration : 3340 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DHOWE_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JuTn$zn6CnXIm1bJGgPhtRCfB0.
enable password ********
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.39.0 192.168.39.49
ip dhcp excluded-address 192.168.39.100 192.168.39.254
ip dhcp excluded-address 192.168.38.0 192.168.38.49
ip dhcp excluded-address 192.168.38.100 192.168.38.254
!
ip dhcp pool 39subnet
network 192.168.39.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.39.1
lease 7
!
ip dhcp pool vlan10-pool
network 192.168.38.0 255.255.255.0
dns-server 8.8.8.8 4.2.2.2
default-router 192.168.38.1
lease 7
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FTX153904V6
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address X.X.X.X 255.255.248.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 10
ip address 192.168.38.1 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 1 native
ip address 192.168.39.1 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list nat-acl interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 *.*.*.* 254
!
ip access-list extended nat-acl
permit ip 192.168.38.0 0.0.0.255 any
permit ip 192.168.39.0 0.0.0.255 any
!
access-list 100 permit tcp any any eq 41795
access-list 100 permit udp any any eq 41795
access-list 100 permit tcp any any eq 41095
access-list 100 permit udp any any eq 41095
access-list 100 permit tcp any any eq 41195
access-list 100 permit udp any any eq 41195
access-list 100 permit tcp any any eq 41295
access-list 100 permit udp any any eq 41295
access-list 100 permit tcp any any eq 41395
access-list 100 permit udp any any eq 41395
access-list 100 permit tcp any any eq 41495
access-list 100 permit udp any any eq 41495
access-list 100 permit tcp any any eq 41595
access-list 100 permit udp any any eq 41595
access-list 100 permit tcp any any eq 41695
access-list 100 permit udp any any eq 41695
access-list 100 permit tcp any any eq 41895
access-list 100 permit udp any any eq 41895
access-list 100 permit tcp any any eq 41995
access-list 100 permit udp any any eq 41995
access-list 100 permit tcp any any eq 41790
access-list 100 permit udp any any eq 41790
access-list 100 permit tcp any any eq www
access-list 100 permit udp any any eq 80
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password *********
login
transport input all
!
scheduler allocate 20000 1000
end
DHOWE_Router#
Solved! Go to Solution.
12-16-2011 05:35 PM
hi morris,
try to configure your static NAT from global config as below:
ip nat inside source static tcp 192.168.38.X 41795
ip nat inside source static udp 192.168.38.X 41795
with regards to remotely accessing devices in VLAN 10, i don't think these changes will cause any disruption but it will be nice and prudent if you do this during off peak hours.
12-16-2011 05:35 PM
hi morris,
try to configure your static NAT from global config as below:
ip nat inside source static tcp 192.168.38.X 41795
ip nat inside source static udp 192.168.38.X 41795
with regards to remotely accessing devices in VLAN 10, i don't think these changes will cause any disruption but it will be nice and prudent if you do this during off peak hours.
12-16-2011 05:38 PM
Hi John,
Thank you for the quick reply. I did try to create the static NAT but kept running into syntax errors. I am hoping that I will get a chance to pop these in there tomorrow and I will report back. Thank you again for your help.
12-16-2011 05:51 PM
hi morris,
sure just post here what error you ran into and will try to help you out. make sure you did as below:
Router(config)#ip nat inside source static tcp 192.168.38.X 41795
note that i've used 192.168.38.X and
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide