Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
0
Helpful
6
Replies

Cisco 1941 Router Portforwarding not work.

Prakash Shanmugam
Level 1
Level 1

‎05-13-2017 07:13 PM - edited ‎03-05-2019 08:31 AM

Hi,

At one of our client premises they have an Cisco 1941 router. We need to connect from outside (other location branch) with Remote Desktop connection port 3389 to an internal IP address ( a server)and Port 491 is my SAP Port also not working.

.

DMZ 192.168.1.22 

PFA the configuration


ip dhcp excluded-address 192.168.1.1 192.168.1.25
!
ip dhcp pool DATA
network 192.168.1.0 255.255.255.0
dns-server 202.83.21.12 202.83.20.101
default-router 192.168.1.1
!
!
!
ip domain name yourdomain.com
ip cef

license udi pid CISCO1941/K9 sn FGL211024AM

!
interface GigabitEthernet0/0
description $wan Internet LINK$
ip address 192.168.0.1 255.255.255.0(Wan IP)
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $LocAL NETWORK LINK$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.22 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.22 491 interface GigabitEthernet0/0 491
ip route 0.0.0.0 0.0.0.0 192.168.0.2
!
!
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane

Labels:
0 Helpful
6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

‎05-13-2017 08:58 PM

Hi,

Can try using the IP address instead of the interface:

ip nat inside source static tcp 192.168.1.22 3389 192.168.0.1 3389
ip nat inside source static tcp 192.168.1.22 491 192.168.0.1 491

and test again.

HTH

0 Helpful

Prakash Shanmugam
Level 1
Level 1
In response to Reza Sharifi

‎05-13-2017 09:13 PM

Hi,

i am already try that also not working.

0 Helpful

Prakash Shanmugam
Level 1
Level 1
In response to Prakash Shanmugam

‎05-13-2017 09:25 PM

Hi,

configuration is correct or not.

Please conform.

0 Helpful

Georg Pauwen
VIP
VIP
In response to Prakash Shanmugam

‎05-13-2017 11:03 PM

Hello,

try to add the 'extended' keyword to your static NAT translations:

ip nat inside source static tcp 192.168.1.22 3389 192.168.0.1 3389 extended
ip nat inside source static tcp 192.168.1.22 491 192.168.0.1 491 extended

0 Helpful

Prakash Shanmugam
Level 1
Level 1
In response to Georg Pauwen

‎05-15-2017 07:55 AM

Hello,

i am found the answer guys,below add the command only port is opened.

!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.22 491 interface GigabitEthernet0/0 491
ip nat inside source static tcp 192.168.1.9 3389 interface GigabitEthernet0/0 3389
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp host 192.168.1.22 any
!

0 Helpful

seanwaite
Level 1
Level 1
In response to Prakash Shanmugam

‎05-15-2017 07:39 AM

Looking at the configuration and comparing to several routers, I really do not see anything wrong here. Is

Can you do "sh ip nat translations | i 192.168.1.22" and do you see if there are translations for this entry?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card