06-28-2012 11:03 PM - edited 03-04-2019 04:50 PM
Hi All,
Can this scenario be done on the Cisco 877 router?
I have VPN IPsec up and running on both sites. How can I configure the port forwarding to the remote server over the tunnel?
Thanks,
Thai
07-03-2012 05:08 AM
Do you have a Yahoo ID? Add me, I'm endoch6@yahoo.com, so that we can talk online.
07-03-2012 06:22 PM
Hi All,
As per Karsten's advice and with the help of handoko, here is my configuration, but it still does not work.
!
interface Loopback100
 description Loopback for testing hairpinning
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!
interface Dialer0
 description ---ADSL Detail---
 ip address negotiated
 ip mtu 1460
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1420
 ip policy route-map hairpin
 dialer pool 1
 dialer-group 1
 ppp chap hostname myusername@isp.com
 ppp chap password mypassword
 crypto map SDM_CMAP_1
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark CCP_ACL Category=3
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 115 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address NAT
!
route-map hairpin permit 115
 match ip address 115 set dialer0
!
!
ip dns server
ip nat inside source static tcp 192.168.0.51 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.2.99 80 interface Dialer0 8000
ip nat inside source static tcp 192.168.2.99 9100 interface Dialer0 9100
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
Here is some output:
sh ip nat translations
Laverton#sh ip nat translations
Pro Inside global         Inside local       Outside local          Outside global
tcp 120.146.xxx.xxx:3389  192.168.0.51:3389  120.146.xxx.xxx:50712  120.146.xxx.xxx:50712
tcp 120.146.xxx.xxx:3389  192.168.0.51:3389  120.146.xxx.xxx:50723  120.146.xxx.xxx:50723
tcp 120.146.xxx.xxx:3389  192.168.0.51:3389  120.146.xxx.xxx:50724  120.146.xxx.xxx:50724
tcp 120.146.xxx.xxx:3389  192.168.0.51:3389  ---                    ---
tcp 120.146.xxx.xxx:8000  192.168.2.99:80    120.146.xxx.xxx:50718  120.146.xxx.xxx:50718
tcp 120.146.xxx.xxx:8000  192.168.2.99:80    120.146.xxx.xxx:50719  120.146.xxx.xxx:50719
tcp 120.146.xxx.xxx:8000  192.168.2.99:80    120.146.xxx.xxx:50725  120.146.xxx.xxx:50725
tcp 120.146.xxx.xxx:8000  192.168.2.99:80    ---                    ---
tcp 120.146.xxx.xxx:9100  192.168.2.99:9100  120.146.xxx.xxx:50722  120.146.xxx.xxx:50722
tcp 120.146.xxx.xxx:9100  192.168.2.99:9100  ---                    ---
RDP is working, but the HTTP and printer ports are not working.
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
120.146.xxx.xxx 123.209.xxx.xxx QM_IDLE           2001 ACTIVE
IPv6 Crypto ISAKMP SA
Am I missing something?