
Can it be done on Cisco router?

thnguyen2011
Level 1

Hi All,

Can this scenario be done on the Cisco 877 router?

I have an IPsec VPN up and running on both sites. How can I configure port forwarding to the remote server over the tunnel?

http://www.sirkit.ca/wiki/2012/03/port-forwarding-through-an-ipsec-tunnel-to-a-remote-serverpc-with-fortinet/

Thanks,

Thai

16 Replies

Do you have a Yahoo ID? Add me, I'm endoch6@yahoo.com, so that we can talk online.

thnguyen2011
Level 1

Hi All,

As per Karsten's advice and with the help of handoko, here is my configuration, but it still does not work.

!
interface Loopback100
 description Loopback for testing hairpinning
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!
interface Dialer0
 description ---ADSL Detail---
 ip address negotiated
 ip mtu 1460
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1420
 ip policy route-map hairpin
 dialer pool 1
 dialer-group 1
 ppp chap hostname myusername@isp.com
 ppp chap password mypassword
 crypto map SDM_CMAP_1
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark CCP_ACL Category=3
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 115 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address NAT
!
route-map hairpin permit 115
 match ip address 115 set dialer0
!
!
ip dns server
ip nat inside source static tcp 192.168.0.51 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.2.99 80 interface Dialer0 8000
ip nat inside source static tcp 192.168.2.99 9100 interface Dialer0 9100
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!

Here is some output:

sh ip nat translations

Laverton#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 120.146.xxx.xxx:3389 192.168.0.51:3389 120.146.xxx.xxx:50712 120.146.xxx.xxx:50712
tcp 120.146.xxx.xxx:3389 192.168.0.51:3389 120.146.xxx.xxx:50723 120.146.xxx.xxx:50723
tcp 120.146.xxx.xxx:3389 192.168.0.51:3389 120.146.xxx.xxx:50724 120.146.xxx.xxx:50724
tcp 120.146.xxx.xxx:3389 192.168.0.51:3389 ---                ---
tcp 120.146.xxx.xxx:8000 192.168.2.99:80   120.146.xxx.xxx:50718 120.146.xxx.xxx:50718
tcp 120.146.xxx.xxx:8000 192.168.2.99:80   120.146.xxx.xxx:50719 120.146.xxx.xxx:50719
tcp 120.146.xxx.xxx:8000 192.168.2.99:80   120.146.xxx.xxx:50725 120.146.xxx.xxx:50725
tcp 120.146.xxx.xxx:8000 192.168.2.99:80   ---                ---
tcp 120.146.xxx.xxx:9100 192.168.2.99:9100 120.146.xxx.xxx:50722 120.146.xxx.xxx:50722
tcp 120.146.xxx.xxx:9100 192.168.2.99:9100 ---                ---

RDP is working, but the HTTP and printer ports are not working.

sh crypto isakmp sa

IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
120.146.xxx.xxx  123.209.xxx.xxx  QM_IDLE           2001 ACTIVE

IPv6 Crypto ISAKMP SA


Am I missing something?
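
The following added example is not from the thread. It evaluates the posted static forwards against access-list 100, assuming that ACL is the one the crypto map matches on (the crypto map definition is not shown), and it uses a constructed client address, 203.0.113.10. It relies on what the translation table shows: Outside local equals Outside global, so a forwarded packet keeps the Internet client's source address.

```python
import ipaddress

ACL_100 = """\
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
"""  # copied from the post; assumption: this is the crypto map's match ACL
STATIC_NAT = """\
ip nat inside source static tcp 192.168.0.51 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.2.99 80 interface Dialer0 8000
ip nat inside source static tcp 192.168.2.99 9100 interface Dialer0 9100
"""  # static forwards copied from the post
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")  # far side of the tunnel


def wildcard_net(addr, wildcard):
    """IOS address + wildcard mask -> ip_network (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")


def parse_acl(text):
    """Return (action, src_net, dst_net) per 'permit|deny ip' line; ignore the rest."""
    entries = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 8 and f[2] in ("permit", "deny") and f[3] == "ip":
            entries.append((f[2], wildcard_net(f[4], f[5]), wildcard_net(f[6], f[7])))
    return entries


def acl_permits(entries, src, dst):
    """First match wins; no match means the implicit deny (not encrypted)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False


def check_forwards(client_ip):
    """Map each forwarded global port to 'local', 'tunnel' or 'not-in-crypto-acl'."""
    acl, report = parse_acl(ACL_100), {}
    for f in (line.split() for line in STATIC_NAT.splitlines()):
        local_ip, global_port = f[6], int(f[10])
        if ipaddress.ip_address(local_ip) not in REMOTE_LAN:
            report[global_port] = "local"
        else:
            ok = acl_permits(acl, client_ip, local_ip)
            report[global_port] = "tunnel" if ok else "not-in-crypto-acl"
    return report
```

For the constructed client, `check_forwards("203.0.113.10")` reports port 3389 as local and ports 8000 and 9100 as not matching ACL 100, which lines up with RDP working while the two forwards to 192.168.2.99 do not. A source address inside 192.168.3.0/24 would match the second ACL entry.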