How do I open ports on my router?

Michael Durham
Level 4

I have a 3945 router and I need to get port 6969 open, but when I run a port analyzer on it from my internal network I get the following report:

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-30 17:28 Eastern Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating Ping Scan at 17:28
Scanning 166.168.999.999 [4 ports]
Completed Ping Scan at 17:28, 0.17s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:28
Completed Parallel DNS resolution of 1 host. at 17:28, 0.11s elapsed
Initiating SYN Stealth Scan at 17:28
Scanning 999.sub-166-168-999.myvzw.com (166.168.999.999) [65535 ports]
Discovered open port 80/tcp on 166.168.999.999
Discovered open port 22/tcp on 166.168.999.999
Discovered open port 1720/tcp on 166.168.999.999
Discovered open port 443/tcp on 166.168.999.999
Discovered open port 23/tcp on 166.168.999.999
Discovered open port 9131/tcp on 166.168.999.999
Discovered open port 5061/tcp on 166.168.999.999
Discovered open port 2443/tcp on 166.168.999.999
Discovered open port 4131/tcp on 166.168.999.999
SYN Stealth Scan Timing: About 43.86% done; ETC: 17:29 (0:00:40 remaining)
Discovered open port 2000/tcp on 166.168.999.999
Discovered open port 6131/tcp on 166.168.999.999
Discovered open port 5060/tcp on 166.168.999.999
Discovered open port 2131/tcp on 166.168.999.999
Completed SYN Stealth Scan at 17:30, 104.21s elapsed (65535 total ports)
Initiating Service scan at 17:30
Scanning 13 services on 999.sub-166-168-999.myvzw.com (166.168.999.999)
Completed Service scan at 17:32, 156.28s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 999.sub-166-168-999.myvzw.com 166.168.999.999)
Initiating Traceroute at 17:32
Completed Traceroute at 17:32, 0.01s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 17:32
Completed Parallel DNS resolution of 2 hosts. at 17:32, 0.10s elapsed
NSE: Script scanning 166.168.999.999.
Initiating NSE at 17:32
Completed NSE at 17:33, 15.42s elapsed
Initiating NSE at 17:33
Completed NSE at 17:33, 1.02s elapsed
Nmap scan report for 999.sub-166-168-999.myvzw.com (166.168.999.999)
Host is up (0.00038s latency).
Not shown: 65522 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
| ssh-hostkey:
| 1024 1c:a5:0a:...8f:5a (RSA1)
|_ 1024 bf:4...e3:5c:97 (RSA)
|_sshv1: Server supports SSHv1
23/tcp open telnet Cisco IOS telnetd
80/tcp open http Cisco IOS http config
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=level_15 or view_access
|_http-server-header: cisco-IOS
|_http-title: Site doesn't have a title.
443/tcp open ssl/http Cisco IOS http config
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=level_15 or view_access
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: cisco-IOS
|_http-title: Site doesn't have a title.
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-3865562159
| Subject Alternative Name: DNS:TDC_CME_Router.local
| Issuer: commonName=IOS-Self-Signed-Certificate-3865562159
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2018-12-20T15:32:42
| Not valid after: 2020-01-01T00:00:00
| MD5: 739b 4... 3ae6
|_SHA-1: f02e 7...d 9a3f
|_ssl-date: 2019-05-30T21:34:51+00:00; +1m53s from scanner time.
1720/tcp open h323q931?
2000/tcp open cisco-sccp?
2131/tcp open telnet Cisco router telnetd
2443/tcp open tcpwrapped
4131/tcp open tcpwrapped
5060/tcp open sip-proxy Cisco SIP Gateway (IOS 15.2.4.M1)
|_sip-methods: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
5061/tcp open tcpwrapped
6131/tcp open tcpwrapped
9131/tcp open tcpwrapped
OS details: Cisco 836, 890, 1751, 1841, 2800, or 2900 router (IOS 12.4 - 15.1), Cisco Aironet 2600-series WAP (IOS 15.2(2))
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OS: IOS; Devices: switch, router; CPE: cpe:/o:cisco:ios
Host script results:
|_clock-skew: mean: 1m52s, deviation: 0s, median: 1m52s\
TRACEROUTE (using port 554/tcp)
HOP RTT ADDRESS
1 0.00 ms 192.168.69.2
2 0.00 ms 999.sub-166-168-999.myvzw.com (166.168.999.999)
NSE: Script Post-scanning.
Initiating NSE at 17:33
Completed NSE at 17:33, 0.00s elapsed
Initiating NSE at 17:33
Completed NSE at 17:33, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 281.84 seconds
Raw packets sent: 69434 (3.057MB) | Rcvd: 65945 (2.642MB)

When I check port 6969 from the internet it too says the ports are closed.

We use Verizon 4G as our internet source and we DO have a static public IP address from them. I called Verizon and they assure me that they are NOT blocking or closing any ports. We do not have a firewall running (yet), nor has any security been configured on the 3945.

Testing ports from the internet:

Port 22 is open
Port 23 is open
Port 80 is open
Port 443 is open
Port 1720 is open
Port 2000 is open
Port 2131 is open
Port 2443 is open
Port 4131 is open
Port 6131 is open
Port 9131 is open
Port 5060 is open
Port 5061 is open
Port 6969 is closed

Below is the config file less the voice stuff:

Current configuration : 37581 bytes
!
! Last configuration change at 11:21:16 DST Fri May 31 2019 by mdurham
! NVRAM config last updated at 15:38:57 DST Tue May 28 2019 by mdurham
! NVRAM config last updated at 15:38:57 DST Tue May 28 2019 by mdurham
version 15.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime year
service password-encryption
service internal
service sequence-numbers
!
hostname TDC_CME_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret Cisco
!
no aaa new-model
clock timezone EST -5 0
clock summer-time DST recurring
!
!
crypto pki trustpoint TP-self-signed-331159
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-362159
revocation-check none
rsakeypair TP-self-signed-3318662159
!
!
crypto pki certificate chain TP-self-signed-3318662159
certificate self-signed 01
quit
!
ip traffic-export profile Anveo mode capture
bidirectional
!
!
!
!
!
!
!
ip dhcp smart-relay
ip dhcp relay information option
ip dhcp excluded-address 10.110.0.1 10.110.0.20
ip dhcp excluded-address 192.168.0.1 192.168.0.155
ip dhcp excluded-address 192.168.0.200 192.168.0.254
ip dhcp excluded-address 192.168.69.1 192.168.69.240
ip dhcp excluded-address 192.168.70.1 192.168.70.20
ip dhcp excluded-address 192.168.200.1 192.168.200.240
ip dhcp excluded-address 192.168.50.1 192.168.50.200
!
ip dhcp pool Voice
network 10.110.0.0 255.255.255.0
default-router 10.110.0.1
option 150 ip 10.110.0.1
dns-server 1.1.1.1
lease 0 12
!
ip dhcp pool Users
network 192.168.69.0 255.255.255.0
default-router 192.168.69.1
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool TempVMware
network 192.168.70.0 255.255.255.0
default-router 192.168.70.1
dns-server 192.168.50.100
lease 0 12
!
ip dhcp pool Wiireless
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool VMware
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.50.5
lease 0 12
!
!
!
ip name-server 1.1.1.1
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK"
password encryption aes
!
!
license udi pid C3900-SPE100/K9 sn FOC1432C
license accept end user agreement
license boot module c3900 technology-package securityk9
license boot module c3900 technology-package uck9
hw-module pvdm 0/0
!
redundancy
notification-timer 60000
!
!
controller Cellular 0/3
!
!
track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!
!
!
interface Tunnel1
description mGRE - DMVPN Tunnel for customer remote support
ip address 172.16.0.1 255.255.0.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 999
tunnel source 166.168.999.999
tunnel mode gre multipoint
tunnel protection ipsec profile support
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description Sommer's Network for Dish Network TV
encapsulation dot1Q 2
ip address 192.168.0.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.50
description "VMWare Server HP DL160 Server 3"
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.69
description "Data Network"
encapsulation dot1Q 69 native
ip address 192.168.69.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.110
description "Voice Network"
encapsulation dot1Q 110
ip address 10.110.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.200
description "Wireless - Guest User Network"
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/1
description "VMWare Server Dell R620 Server 1"
ip address 192.168.51.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Connection to Verizon 4G Internet
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
interface Integrated-Service-Engine1/0
no ip address
shutdown
no keepalive
!
interface SM2/0
description Unity-Express-Service
ip unnumbered GigabitEthernet0/0.110
ip nat inside
ip virtual-reassembly in
service-module fail-open
service-module ip address 10.110.0.2 255.255.255.0
service-module ip default-gateway 10.110.0.1
!
interface SM2/1
description Internal switch interface connected to Service Module
no ip address
!
interface Cellular0/3/0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
pulse-time 0
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 123456
dialer persistent
dialer-group 1
no cdp enable
!
!
router eigrp 1577
network 10.110.0.0 0.0.0.255
network 192.168.0.0
network 192.168.50.0
network 192.168.69.0
network 192.168.200.0
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:CME_GUI
!
no ip nat service sip udp port 5060
ip nat inside source list 151 interface Cellular0/3/0 overload
ip nat inside source static tcp 192.168.69.223 6969 interface cellular 0/3/0 6969
ip route 0.0.0.0 0.0.0.0 Cellular0/3/0 track 10
ip route 0.0.0.0 0.0.0.0 192.168.0.254 10 track 20
ip route 4.2.2.2 255.255.255.255 Cellular0/3/0
ip route 10.110.0.2 255.255.255.255 SM2/0
!
ip sla auto discovery
ip sla 1
icmp-echo 4.2.2.2 source-interface Cellular0/3/0
threshold 750
timeout 900
frequency 1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.168.0.254 source-ip 192.168.0.253
threshold 750
timeout 900
frequency 1
ip sla schedule 2 life forever start-time now
logging history size 500
access-list 20 remark Networks Allowed onto the Internet
access-list 20 permit 10.110.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
access-list 20 permit 192.168.50.0 0.0.0.255
access-list 20 permit 192.168.51.0 0.0.0.255
access-list 20 permit 192.168.69.0 0.0.0.255
access-list 20 permit 192.168.200.0 0.0.0.255
access-list 20 permit 172.16.0.0 0.0.255.255
access-list 100 remark "Block Guest network to everything except the printers, ntp & the Internet
access-list 100 permit udp host 162.210.111.4 eq ntp host 192.168.200.1 eq ntp
access-list 100 permit ip any host 192.168.69.90
access-list 100 permit ip any host 192.168.69.91
access-list 100 permit ip any host 192.168.69.92
access-list 100 permit ip any 192.168.200.0 0.0.0.15
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip any any
access-list 151 permit ip any any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
nls resp-timeout 1
cpd cr-id 1
route-map clear-df permit 10
set ip df 0
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/3/0
script dialer ltescript
modem InOut
no exec
transport input telnet
rxspeed 100000000
txspeed 50000000
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line 131
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
logging synchronous
login local
terminal-type monitor
transport input telnet ssh
transport output telnet
line vty 5 15
privilege level 15
password cisco
logging synchronous
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 2.north-america.pool.ntp.org
ntp server 0.north-america.pool.ntp.org
ntp server 3.north-america.pool.ntp.org
ntp server 103.105.51.156 minpoll 10
ntp server 1.north-america.pool.ntp.org
!
end

Accepted Solutions

Having up to date firmware (with up to date code patches) is usually good; however, other factors like environmental conditions, the number of other customers currently sharing the bandwidth (which usually depends on the time of day, as you mentioned), etc. have to be considered when talking about performance/throughput.

Theoretically both cards can perform up to 100/50 Mbps (Download/Upload); see Table 1 in the links below.

https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/4g-lte-wireless-wan-enhanced-high-speed-wan-interface-card/datasheet_c78-710314.html

https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/4g-lte-wireless-wan-enhanced-high-speed-wan-interface-card/datasheet_c78-732559.html

Sincerely, I cannot guarantee you will get a better performance/signal/service if you make the effort to acquire the VZ card.

 

Going back to the original NAT question, you need to test from the Internet (outside your local network).

NAT on the Router won't translate if you attempt to test 166.168.999.999:6969 or 166.168.999.999:3389 from the internal network.

As a conclusion:

- NAT on the Router is working just fine here.

- That "yougetsignal" tool should show 166.168.999.999:3389 currently opened and if you RDP from the Internet (not from your internal network) you should get username/password prompt.

- That "yougetsignal" tool should show 166.168.999.999:6969 port opened once you disconnect your 192.168.69.223 Server from PureVPN as explained in my earlier post.

 

Lastly, either NAT configuration approach on the Router is OK to configure port forwarding.

 

ip nat inside source static tcp 192.168.69.223 6969 interface cellular 0/3/0 6969
ip nat inside source static tcp 192.168.69.61  3389 interface cellular 0/3/0 3389

 

or

ip nat source static tcp 192.168.69.223 6969 166.168.999.999 6969 extendable
ip nat source static tcp 192.168.69.61  3389 166.168.999.999 3389 extendable

Cheers!

24 Replies

Giuseppe Larosa
Hall of Fame

Hello Michael,

Try to add the extendable keyword at the end of the static NAT statement:

 

ip nat inside source static tcp 192.168.69.223 6969 interface cellular 0/3/0 6969

config t

no ip nat inside source static tcp 192.168.69.223 6969 interface cellular 0/3/0 6969

ip nat inside source static tcp 192.168.69.223 6969 interface cellular 0/3/0 6969 extendable

 

Hope to help

Giuseppe

 

You cannot add the extendable command when using the interface cellular 0/3/0 option so I added this instead:

ip nat inside source static tcp 192.168.69.223 6969 166.168.999.999 6969 extendable

Sadly, no luck.

Port 6969 is still closed.

Could you please share with us show ip nat translations | include 192.168.69.223|Pro ?

I've seen issues when the NAT configuration is referencing an ACL that has an ip any any entry just like you have:

ip nat inside source list 151 interface Cellular0/3/0 overload
. . . access-list 151 permit ip any any

Can you modify that ACL 151 to match specific subnets? Similar to:

ip access-list extended 151
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 172.16.0.0 0.15.255.255 any
 permit ip 192.168.0.0 0.0.255.255 any
 no 10 permit ip any any

That should permit the complete RFC1918 (Private IP addressing) range.

 

If (or once) you perform that change, share again show ip nat translations | include 192.168.69.223|Pro

Then, test with NMAP again and gather show ip nat translations | include 192.168.69.223|Pro just after doing so.

I want to make sure with those outputs that the Router is correctly translating the traffic coming from the Internet to your internal server 192.168.69.223.

 

Note that if you are behind an interface with ip nat inside (in other words, the internal network), the static NAT (aka port forwarding) won't translate the traffic if Nmap is scanning your Public IP and you expect port forwarding to work.

If your Nmap scan is coming from the Internet (coming via the ip nat outside interface), then yes, Nmap can hit your Public IP and port forwarding should work.

If you are in your Inside network, Nmap needs to scan your Private IP address 192.168.69.223 directly.

The same applies for your application once you have it working.

 

As a side note, I noticed you have CEF disabled on your interfaces with the command no ip route-cache.

This can potentially affect the performance of your Router. You should only disable CEF if you have a strong reason to do so, like to avoid hitting a known caveat.

 

I hope this helps.

 

DISCLAIMER:

The configurations discussed in this post can be merely templates and may not be final configurations that can be just copied & pasted to any network device in a production environment. It is the responsibility of whoever follows these suggestions to review, evaluate and modify the configurations at convenience. Ensure that you understand the potential impact of any command. In all cases, make sure not to lose remote management access to the device. It is highly suggested to introduce changes to live networks only during maintenance windows. The author of this post is not responsible for unintended consequences caused by failing to follow this disclaimer note.
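
One way to read the `show ip nat translations` output requested above, as an added example (not code from the thread or from Cisco): it separates the configured static port-forward row from live sessions and lists PPTP/GRE tunnel peers held by the same inside host. The sample table is constructed, with RFC 5737 documentation addresses standing in for the public and remote IPs, and `forward_status` and the other names are hypothetical.

```python
"""Classify 'show ip nat translations' rows: static port forward vs live session."""
from dataclasses import dataclass

# Constructed sample in the column layout IOS prints. The public and remote
# addresses are RFC 5737 documentation addresses, not values from the thread.
SAMPLE = """\
Router#show ip nat translations
Pro Inside global      Inside local        Outside local      Outside global
gre 203.0.113.10:1246  192.168.69.223:1246 198.51.100.7:1246  198.51.100.7:1246
tcp 203.0.113.10:1452  192.168.69.223:1452 198.51.100.7:1723  198.51.100.7:1723
tcp 203.0.113.10:6969  192.168.69.223:6969 ---                ---
tcp 203.0.113.10:3389  192.168.69.61:3389  ---                ---
tcp 203.0.113.10:3389  192.168.69.61:3389  192.0.2.44:50712   192.0.2.44:50712
"""

PPTP_CONTROL_PORT = 1723  # PPTP control channel (TCP); its data channel is GRE


@dataclass(frozen=True)
class NatRow:
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

    @property
    def is_static(self) -> bool:
        # '---' in both outside columns marks the configured static entry,
        # which exists whether or not any traffic has ever used it.
        return self.outside_local == "---" and self.outside_global == "---"


def split_endpoint(endpoint):
    """'192.0.2.1:80' -> ('192.0.2.1', 80); a bare address -> (address, None)."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_nat_table(text):
    """Return NatRow objects, skipping the prompt, header and blank lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] != "Pro":
            rows.append(NatRow(*fields))
    return rows


def forward_status(rows, inside_host, port, proto="tcp"):
    """Summarise one port forward for inside_host:port.

    configured   -> a static row exists for the mapping
    inbound      -> outside endpoints of live sessions on that mapping
    tunnel_peers -> remote hosts the inside host reaches over GRE or TCP/1723
    """
    target = f"{inside_host}:{port}"
    mine = [r for r in rows if split_endpoint(r.inside_local)[0] == inside_host]
    configured = any(
        r.is_static and r.proto == proto and r.inside_local == target for r in mine
    )
    inbound = [
        r.outside_global
        for r in mine
        if not r.is_static and r.proto == proto and r.inside_local == target
    ]
    tunnel_peers = sorted(
        {
            split_endpoint(r.outside_global)[0]
            for r in mine
            if not r.is_static
            and (r.proto == "gre"
                 or split_endpoint(r.outside_global)[1] == PPTP_CONTROL_PORT)
        }
    )
    if not configured:
        verdict = "no static entry"
    elif inbound:
        verdict = "forward in use"
    else:
        verdict = "static entry present, no session through it"
    return {
        "configured": configured,
        "inbound": inbound,
        "tunnel_peers": tunnel_peers,
        "verdict": verdict,
    }


if __name__ == "__main__":
    table = parse_nat_table(SAMPLE)
    for host, port in (("192.168.69.223", 6969), ("192.168.69.61", 3389)):
        print(host, port, forward_status(table, host, port))
```

Capture the table while the outside test is running, because dynamic entries age out and an empty `inbound` list only describes the moment of capture.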

 

 

Hello Hector,

thanks for the note about the use of NMAP scanning from the inside vs using NMAP scanning from the outside.

 

I think you have likely found the issue experienced by the original poster.

 

Best Regards

Giuseppe

 

ip cef has been implemented but ipv6 cef is disabled as we do not utilize ipv6 here.

-----------------------------------------------------------------------------------------------------------------------
Before any changes

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
gre 166.168.999.999:1246 192.168.69.223:1246 206.123.129.1:1246 206.123.129.1:1246
tcp 166.168.999.999:1452 192.168.69.223:1452 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.999.999:6969 192.168.69.223:6969 --- ---
gre 166.168.999.999:24364 192.168.69.223:24364 206.123.129.1:24364 206.123.129.1:24364

changes made

ip access-list extended 151
permit ip 10.0.0.0 0.255.255.255 any
permit ip 172.16.0.0 0.15.255.255 any
permit ip 192.168.0.0 0.0.255.255 any
no 10 permit ip any any

-----------------------------------------------------------------------------------------------------------------------
right after changes made

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
gre 166.168.999.999:1246 192.168.69.223:1246 206.123.129.1:1246 206.123.129.1:1246
tcp 166.168.999.999:1452 192.168.69.223:1452 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.999.999:6969 192.168.69.223:6969 --- ---

-----------------------------------------------------------------------------------------------------------------------
nmap run exactly the same as before. It is on my PC which is ip 192.168.69.101 and is on the ip nat inside interface

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-01 13:03 Eastern Daylight Time

NSE: Loaded 148 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 13:03

Completed NSE at 13:03, 0.00s elapsed

Initiating NSE at 13:03

Completed NSE at 13:03, 0.00s elapsed

Initiating Ping Scan at 13:03

Scanning 166.168.999.999 [4 ports]

Completed Ping Scan at 13:03, 0.18s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 13:03

Completed Parallel DNS resolution of 1 host. at 13:03, 0.39s elapsed

Initiating SYN Stealth Scan at 13:03

Scanning 999.sub-166-168-999.myvzw.com (166.168.999.999) [1000 ports]

Discovered open port 1720/tcp on 166.168.999.999

Discovered open port 23/tcp on 166.168.999.999

Discovered open port 80/tcp on 166.168.999.999

Discovered open port 22/tcp on 166.168.999.999

Discovered open port 443/tcp on 166.168.999.999

Discovered open port 5060/tcp on 166.168.999.999

Discovered open port 5061/tcp on 166.168.999.999

Discovered open port 2000/tcp on 166.168.999.999

Completed SYN Stealth Scan at 13:03, 1.59s elapsed (1000 total ports)

Initiating Service scan at 13:03

Scanning 8 services on 999.sub-166-168-999.myvzw.com (166.168.999.999)

Completed Service scan at 13:06, 156.08s elapsed (8 services on 1 host)

Initiating OS detection (try #1) against 999.sub-166-168-999.myvzw.com (166.168.999.999)

Initiating Traceroute at 13:06

Completed Traceroute at 13:06, 0.02s elapsed

Initiating Parallel DNS resolution of 2 hosts. at 13:06

Completed Parallel DNS resolution of 2 hosts. at 13:06, 0.10s elapsed

NSE: Script scanning 166.168.999.999.

Initiating NSE at 13:06

Completed NSE at 13:06, 9.74s elapsed

Initiating NSE at 13:06

Completed NSE at 13:06, 1.03s elapsed

Nmap scan report for 999.sub-166-168-999.myvzw.com (166.168.999.999)

Host is up (0.0032s latency).

Not shown: 992 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)

| ssh-hostkey:

| 1024 1c:a5:3f:06:5e:a0:99:7a:43:de:24:51:1d:0a:8f:5a (RSA1)

|_ 1024 bf:41:f5:4e:fa:7e:a2:23:a2:3c:a8:56:dc:e3:5c:97 (RSA)

|_sshv1: Server supports SSHv1

23/tcp open telnet Cisco IOS telnetd

80/tcp open http Cisco IOS http config

| http-auth:

| HTTP/1.1 401 Unauthorized\x0D

|_ Basic realm=level_15 or view_access

|_http-server-header: cisco-IOS

|_http-title: Site doesn't have a title.

443/tcp open ssl/http Cisco IOS http config

| http-auth:

| HTTP/1.1 401 Unauthorized\x0D

|_ Basic realm=level_15 or view_access

|_http-server-header: cisco-IOS

|_http-title: Site doesn't have a title.

| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-3318662159

| Subject Alternative Name: DNS:TDC_CME_Router.local

| Issuer: commonName=IOS-Self-Signed-Certificate-3318662159

| Public Key type: rsa

| Public Key bits: 1024

| Signature Algorithm: md5WithRSAEncryption

| Not valid before: 2018-12-20T15:32:42

| Not valid after: 2020-01-01T00:00:00

| MD5: 739b 4610 47dc b066 da2f 991a 933e 3ae6

|_SHA-1: f02e 7d42 e244 91d7 5663 ae5a c11c f25e 6a8d 9a3f

|_ssl-date: 2019-06-01T17:08:38+00:00; +2m02s from scanner time.

1720/tcp open h323q931?

2000/tcp open cisco-sccp?

5060/tcp open sip-proxy Cisco SIP Gateway (IOS 15.2.4.M1)

|_sip-methods: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER

5061/tcp open tcpwrapped

OS details: Cisco 836, 890, 1751, 1841, 2800, or 2900 router (IOS 12.4 - 15.1), Cisco Aironet 2600-series WAP (IOS 15.2(2))

Network Distance: 2 hops

TCP Sequence Prediction: Difficulty=260 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OS: IOS; Devices: switch, router; CPE: cpe:/o:cisco:ios

 

Host script results:

|_clock-skew: mean: 2m01s, deviation: 0s, median: 2m01s

 

TRACEROUTE (using port 3306/tcp)

HOP RTT ADDRESS

1 1.00 ms 192.168.69.2

2 1.00 ms 999.sub-166-168-999.myvzw.com (166.168.999.999)

 

NSE: Script Post-scanning.

Initiating NSE at 13:06

Completed NSE at 13:06, 0.00s elapsed

Initiating NSE at 13:06

Completed NSE at 13:06, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 173.28 seconds

Raw packets sent: 1135 (51.586KB) | Rcvd: 1031 (41.662KB)

-----------------------------------------------------------------------------------------------------------------------
nmap from my PC 192.168.69.101 to 192.168.69.223

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-01 13:10 Eastern Daylight Time

NSE: Loaded 148 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 13:10

Completed NSE at 13:10, 0.00s elapsed

Initiating NSE at 13:10

Completed NSE at 13:10, 0.00s elapsed

Initiating ARP Ping Scan at 13:10

Scanning 192.168.69.223 [1 port]

Completed ARP Ping Scan at 13:10, 0.18s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 13:10

Completed Parallel DNS resolution of 1 host. at 13:10, 0.10s elapsed

Initiating SYN Stealth Scan at 13:10

Scanning 192.168.69.223 [1000 ports]

Discovered open port 443/tcp on 192.168.69.223

Discovered open port 21/tcp on 192.168.69.223

Discovered open port 1025/tcp on 192.168.69.223

Discovered open port 445/tcp on 192.168.69.223

Discovered open port 139/tcp on 192.168.69.223

Discovered open port 135/tcp on 192.168.69.223

Discovered open port 8080/tcp on 192.168.69.223

Discovered open port 9090/tcp on 192.168.69.223

Discovered open port 2222/tcp on 192.168.69.223

Discovered open port 15003/tcp on 192.168.69.223

Discovered open port 8099/tcp on 192.168.69.223

Discovered open port 6969/tcp on 192.168.69.223

Completed SYN Stealth Scan at 13:10, 1.55s elapsed (1000 total ports)

Initiating Service scan at 13:10

Scanning 12 services on 192.168.69.223

Completed Service scan at 13:11, 56.06s elapsed (12 services on 1 host)

Initiating OS detection (try #1) against 192.168.69.223

NSE: Script scanning 192.168.69.223.

Initiating NSE at 13:11

Completed NSE at 13:15, 251.59s elapsed

Initiating NSE at 13:15

Completed NSE at 13:15, 0.01s elapsed

Nmap scan report for 192.168.69.223

Host is up (0.00011s latency).

Not shown: 988 closed ports

PORT STATE SERVICE VERSION

21/tcp open ftp

| fingerprint-strings:

| GenericLines, NULL:

| 220-Welcome to FTP download site.

| 220-All files on this site are provided for educational purposed ONLY! These files are copywrite protected and are not to be used in a commercial environment. Please review the file's owner's web site for copyright information.

| CrushFTP Server Ready!

| Help, SSLSessionReq:

| 220-Welcome to FTP download site.

| 220-All files on this site are provided for educational purposed ONLY! These files are copywrite protected and are not to be used in a commercial environment. Please review the file's owner's web site for copyright information.

| CrushFTP Server Ready!

|_ Command not recognized or allowed.

| ssl-cert: Subject: commonName=www.crushftp.com/organizationName=CrushFTP, LLC/stateOrProvinceName=NV/countryName=US

| Issuer: commonName=www.crushftp.com/organizationName=CrushFTP, LLC/stateOrProvinceName=NV/countryName=US

| Public Key type: rsa

| Public Key bits: 2048

| Signature Algorithm: sha256WithRSAEncryption

| Not valid before: 2016-01-22T18:04:58

| Not valid after: 2043-06-08T18:04:58

| MD5: 1de0 16cb 3db....2 e512

|_SHA-1: 5ce7 b8cc 0.... 800a 305c

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

443/tcp open ssl/http CrushFTP DAV httpd (User username)

|_http-favicon: Unknown favicon MD5: 297A81069094D00A052733D3A0537D18

| http-methods:

| Supported Methods: GET HEAD OPTIONS PUT POST COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

|_ Potentially risky methods: PUT COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

| http-title: CrushFTP WebInterface

|_Requested resource was /WebInterface/login.html

|_http-trane-info: Problem with XML parsing of /evox/about

| http-webdav-scan:

| Allowed Methods: GET, HEAD, OPTIONS, PUT, POST, COPY, PROPFIND, DELETE, LOCK, MKCOL, MOVE, PROPPATCH, UNLOCK, ACL, TRACE

| Server Date: Sat, 01 Jun 2019 17:13:14 GMT

| Server Type: CrushFTP HTTP Server

|_ WebDAV type: Apache DAV

| ssl-cert: Subject: commonName=www.crushftp.com/organizationName=CrushFTP, LLC/stateOrProvinceName=NV/countryName=US

| Issuer: commonName=www.crushftp.com/organizationName=CrushFTP, LLC/stateOrProvinceName=NV/countryName=US

| Public Key type: rsa

| Public Key bits: 2048

| Signature Algorithm: sha256WithRSAEncryption

| Not valid before: 2016-01-22T18:04:58

| Not valid after: 2043-06-08T18:04:58

| MD5: 1de0 1....ac9 3902 e512

|_SHA-1: 5ce7 b8cc 0....46 d7f1 3184 800a 305c

445/tcp open microsoft-ds Windows Server 2003 3790 Service Pack 2 microsoft-ds

1025/tcp open msrpc Microsoft Windows RPC

2222/tcp open ssh CrushFTP sftpd (protocol 2.0)

| ssh-hostkey:

| 1024 ef:27:b9:09....:69:f1:25:ac:68 (DSA)

|_ 1024 84:84:a7:4....9c:76:56 (RSA)

6969/tcp open ms-wbt-server Microsoft Terminal Service

8080/tcp open http CrushFTP DAV httpd (User username)

|_http-favicon: Unknown favicon MD5: 297A81069094D00A052733D3A0537D18

| http-methods:

| Supported Methods: GET HEAD OPTIONS PUT POST COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

|_ Potentially risky methods: PUT COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

| http-title: CrushFTP WebInterface

|_Requested resource was /WebInterface/login.html

|_http-trane-info: Problem with XML parsing of /evox/about

| http-webdav-scan:

| Allowed Methods: GET, HEAD, OPTIONS, PUT, POST, COPY, PROPFIND, DELETE, LOCK, MKCOL, MOVE, PROPPATCH, UNLOCK, ACL, TRACE

| Server Date: Sat, 01 Jun 2019 17:13:15 GMT

| Server Type: CrushFTP HTTP Server

|_ WebDAV type: Apache DAV

8099/tcp open remoting MS .NET Remoting services

9090/tcp open hadoop-tasktracker Apache Hadoop (User username)

| hadoop-datanode-info:

|_ Logs: LoginButtonText

| hadoop-tasktracker-info:

|_ Logs: LoginButtonText

|_http-favicon: Unknown favicon MD5: 297A81069094D00A052733D3A0537D18

| http-methods:

| Supported Methods: GET HEAD OPTIONS PUT POST COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

|_ Potentially risky methods: PUT COPY PROPFIND DELETE LOCK MKCOL MOVE PROPPATCH UNLOCK ACL TRACE

| http-title: CrushFTP WebInterface

|_Requested resource was /WebInterface/login.html

|_http-trane-info: Problem with XML parsing of /evox/about

| http-webdav-scan:

| Allowed Methods: GET, HEAD, OPTIONS, PUT, POST, COPY, PROPFIND, DELETE, LOCK, MKCOL, MOVE, PROPPATCH, UNLOCK, ACL, TRACE

| Server Date: Sat, 01 Jun 2019 17:13:14 GMT

| Server Type: CrushFTP HTTP Server

|_ WebDAV type: Apache DAV

15003/tcp open tcpwrapped

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :


MAC Address: 00:0C:29:75:E1:6F (VMware)

Device type: general purpose

Running: Microsoft Windows 2003

OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2

OS details: Microsoft Windows Server 2003 SP1 or SP2

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=262 (Good luck!)

IP ID Sequence Generation: Incremental

Service Info: Hosts: Welcome, sslngn018; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003

 

Host script results:

|_clock-skew: mean: 2h01m25s, deviation: 2h49m43s, median: 1m24s

| nbstat: NetBIOS name: WEB-FTP, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:75:e1:6f (VMware)

| Names:

| WEB-FTP<00> Flags: <unique><active>

| TDC<00> Flags: <group><active>

| WEB-FTP<20> Flags: <unique><active>

| TDC<1e> Flags: <group><active>

| TDC<1d> Flags: <unique><active>

|_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| smb-os-discovery:

| OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)

| OS CPE: cpe:/o:microsoft:windows_server_2003::sp2

| Computer name: web-ftp

| NetBIOS computer name: WEB-FTP\x00

| Domain name: TDC.CORP

| FQDN: web-ftp.TDC.CORP

|_ System time: 2019-06-01T13:13:14-04:00

| smb-security-mode:

| account_used: guest

| authentication_level: user

| challenge_response: supported

|_ message_signing: required

|_smb2-time: Protocol negotiation failed (SMB2)

 

TRACEROUTE

HOP RTT ADDRESS

1 0.999 ms 192.168.69.223

 

NSE: Script Post-scanning.

Initiating NSE at 13:15

Completed NSE at 13:15, 0.00s elapsed

Initiating NSE at 13:15

Completed NSE at 13:15, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 313.33 seconds

Raw packets sent: 1104 (49.274KB) | Rcvd: 1018 (41.326KB)

From https://www.yougetsignal.com/tools/open-ports/, when I ping 168.166.999.999 port 6969 I get the following result:

Port 6969 is closed on 166.168.999.999

Hello Michael,

From the router's point of view, the NAT translation is present and correct:

 

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
gre 166.168.999.999:1246 192.168.69.223:1246 206.123.129.1:1246 206.123.129.1:1246
tcp 166.168.999.999:1452 192.168.69.223:1452 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.999.999:6969 192.168.69.223:6969 --- ---

 

You have clearly changed the IP addresses for your security because 166.168.999.999 is NOT an IPv4 address.

 

The nmap fails from the inside when sent to the router, as explained by Hector.

 

Also the nmap fails for TCP port 6969 when you test the internal IP address of the server.

>>So you do not have an application listening on TCP 6969 on the server.

 

The NAT configuration on the router looks correct.

 

Hope to help

Giuseppe

 

This output looks good to me:

 

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global        Inside local        Outside local Outside global
tcp 166.168.999.999:6969 192.168.69.223:6969 ---           ---

 

When your ip nat outside interface receives a TCP SYN packet destined to 166.168.999.999:6969, I would expect to see an entry created, like:

 

 

TDC_CME_Router#show ip nat translations | include 192.168.69.223:6969|Pro
Pro Inside global         Inside local       Outside local         Outside global
tcp 166.168.999.999:6969 192.168.69.223:6969 999.999.999.999:61423 999.999.999.999:61423
tcp 166.168.999.999:6969 192.168.69.223:6969 ---             ---
TDC_CME_Router#

If that entry is created once you start the traffic, NAT/port forwarding should be working OK.

 

I am assuming 192.168.69.1 is your Server's Gateway and that your Router can ping the Server. I'm mentioning this to make sure the Server replies to the Router when receiving the TCP SYN to port 6969.

 

 

Ultimately, let's test if your Public IP is indeed receiving the TCP SYN packet to port 6969. One way is to use an ACL on the WAN interface that will increase counters for the specific traffic and permit everything else. For instance:

 

TDC_CME_Router#conf t
TDC_CME_Router(config)#ip access-list extended TEST
TDC_CME_Router(config-ext-nacl)#permit tcp any host 166.168.999.999 eq 6969
TDC_CME_Router(config-ext-nacl)#permit ip any any

TDC_CME_Router(config-ext-nacl)#interface cellular0/3/0
TDC_CME_Router(config-if)#ip access-group TEST in
// Run your scanner from the Internet.
TDC_CME_Router#show access-list TEST
Extended IP access list TEST
10 permit tcp any host 166.168.999.999 eq 6969 (4 matches)
20 permit ip any any
TDC_CME_Router#

 

 

I applied your access-list and ran this test before I tried from the internet.

TDC_CME_Router#show access-list TEST
Extended IP access list TEST
10 permit tcp any host 166.168.11.161 eq 6969
20 permit ip any any (174 matches)

 

After testing from the internet site

Extended IP access list TEST
10 permit tcp any host 166.168.11.161 eq 6969 (6 matches)
20 permit ip any any (861 matches)

I now see 6 matches so that tells me that the port is open on the router. Correct?

My CME router's IP is 192.168.69.1.  From the router I can ping my server 192.168.69.223.

TDC_CME_Router#ping 192.168.69.223
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.69.223, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Ran this again.

TDC_CME_Router#show ip nat translations | include 192.168.69.223:6969|Pro
Pro Inside global Inside local Outside local Outside global
tcp 166.168.11.161:6969 192.168.69.223:6969 --- ---

From any PC on my internal network I can connect to the server via RDC at 192.168.69.223:6969 so I am sure the port on the server is open. But from the Internet I cannot RDC to 166.168.999.999:6969
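The two checks used in this thread, the counting ACL on the WAN interface and the `show ip nat translations` table, combined into one triage script. This is an added example, not code from any poster; the function names are hypothetical and the sample outputs are constructed, with documentation-range addresses standing in for the public IPs.

```python
import re

# Constructed samples modelled on the outputs quoted in this thread.
# 203.0.113.10 and 198.51.100.x are documentation-range placeholders.
NAT_STATIC_ONLY = """\
Pro Inside global Inside local Outside local Outside global
tcp 203.0.113.10:6969 192.168.69.223:6969 --- ---
"""
NAT_WITH_SESSIONS = """\
Pro Inside global Inside local Outside local Outside global
tcp 203.0.113.10:2668 192.168.69.223:2668 198.51.100.1:1723 198.51.100.1:1723
tcp 203.0.113.10:6969 192.168.69.223:6969 198.51.100.7:46906 198.51.100.7:46906
tcp 203.0.113.10:6969 192.168.69.223:6969 198.51.100.7:46908 198.51.100.7:46908
tcp 203.0.113.10:6969 192.168.69.223:6969 --- ---
gre 203.0.113.10:8469 192.168.69.223:8469 198.51.100.1:8469 198.51.100.1:8469
"""
ACL_BEFORE = """\
Extended IP access list TEST
 10 permit tcp any host 203.0.113.10 eq 6969
 20 permit ip any any (174 matches)
"""
ACL_AFTER = """\
Extended IP access list TEST
 10 permit tcp any host 203.0.113.10 eq 6969 (6 matches)
 20 permit ip any any (861 matches)
"""

NO_STATIC = "no static port-forward entry for this host and port"
NO_HITS = "static entry present, but no packets reached the WAN interface"
NO_SESSION = "packets reached the WAN interface, but NAT created no session"
TRANSLATING = "NAT is translating inbound packets; check the server's reply path"

PROTOCOLS = {"tcp", "udp", "gre", "icmp", "---"}
ACL_RE = re.compile(r"^\s*(\d+)\s+(?:permit|deny)\s+.*?(?:\((\d+) match(?:es)?\))?\s*$")


def parse_nat(text):
    """Return one dict per translation row; prompts and the header are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0].lower() not in PROTOCOLS:
            continue
        proto, inside_global, inside_local, outside_local, outside_global = parts
        rows.append({
            "proto": proto,
            "inside_global": inside_global,
            "inside_local": inside_local,
            "outside_global": outside_global,
            # The configured static entry shows '---' in both outside columns;
            # rows with real outside addresses are sessions created by traffic.
            "static": outside_local == "---" and outside_global == "---",
        })
    return rows


def parse_acl(text):
    """Map ACL sequence number to match count (0 when IOS prints no counter)."""
    counts = {}
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if m:
            counts[int(m.group(1))] = int(m.group(2) or 0)
    return counts


def diagnose(nat_text, acl_before, acl_after, inside_local, seq=10):
    """Combine both outputs into a single verdict for one forwarded port."""
    rows = [r for r in parse_nat(nat_text) if r["inside_local"] == inside_local]
    static = [r for r in rows if r["static"]]
    sessions = [r["outside_global"] for r in rows if not r["static"]]
    hits = parse_acl(acl_after).get(seq, 0) - parse_acl(acl_before).get(seq, 0)
    if not static:
        verdict = NO_STATIC
    elif hits == 0:
        verdict = NO_HITS
    elif not sessions:
        verdict = NO_SESSION
    else:
        verdict = TRANSLATING
    return {"acl_hits": hits, "static_entries": len(static),
            "sessions": sessions, "verdict": verdict}


if __name__ == "__main__":
    target = "192.168.69.223:6969"
    for label, nat in (("static only", NAT_STATIC_ONLY),
                       ("with sessions", NAT_WITH_SESSIONS)):
        print(label, diagnose(nat, ACL_BEFORE, ACL_AFTER, target))
```
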

Should be working by now, configuration is fine and show ip nat translations looks good showing the static NAT entry. We are missing the translations created once the traffic hits the Public IP port TCP 6969.

Moving forward:

Let's make sure you have CEF enabled.

 

interface GigabitEthernet0/0
 ip route-cache

If the issue persists, let's remove/re-apply the ip nat inside source static configuration line.

 

If that doesn't solve this, let's save the config and reload.

If still no translations for port TCP 6969, let's upgrade. I see your Router is running IOS 15.2 (from earlier show run). Ultimately, let's make sure the device is running the Suggested or Latest version on Cisco.com.

There are 3945 and 3945e Hardware versions, and each requires different images. Yours seems to be 3945 (as per C3900-SPE100/K9 seen in show run which should be the "not e" version).

 

Software Download
3945 Integrated Services Router

I do have a different version of IOS, c3900-universalk9-mz.SPA.157-3.M3.bin. However, when I load that version I lose my cellular connection and thus, internet access. I tried for several hours (with Verizon's help) to get it working to no avail. I do not and am not in a position to get a Cisco support contract. If someone is willing to help via telephone (since there will be no internet access) to get 15.7 working, I would most appreciate it! Sadly, there is no DSL, or cable out here and MPLS and fiber are just too expensive.

 

When I first added route-cache to ALL of my interfaces, I now get these results:

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
tcp 166.168.11.161:2668 192.168.69.223:2668 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.11.161:6969 192.168.69.223:6969 --- ---
gre 166.168.11.161:8469 192.168.69.223:8469 206.123.129.1:8469 206.123.129.1:8469
gre 166.168.11.161:55353 192.168.69.223:55353 206.123.129.1:55353 206.123.129.1:55353

No change so I rebooted the router. And again, no change. So I pinged the server from the router and for one and ONLY one test from the internet did it report the port open. From that point on it reports closed (even when I rebooted the router again). Here are the results once the port opened/closed; I ran this many times.

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
tcp 166.168.999.999:2668 192.168.69.223:2668 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46906 198.199.98.246:46906
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46908 198.199.98.246:46908
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46909 198.199.98.246:46909
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46910 198.199.98.246:46910
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46911 198.199.98.246:46911
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46913 198.199.98.246:46913
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46914 198.199.98.246:46914
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46916 198.199.98.246:46916
tcp 166.168.999.999:6969 192.168.69.223:6969 --- ---
gre 166.168.999.999:8469 192.168.69.223:8469 206.123.129.1:8469 206.123.129.1:8469
gre 166.168.999.999:55353 192.168.69.223:55353 206.123.129.1:55353 206.123.129.1:55353

I even tried changing ip nat inside source static tcp 192.168.69.223 6969 166.168.999.999 6969 extendable to ip nat inside source static tcp 192.168.69.223 6969 interface Cellular0/3/0 6969 but that did not help.

I welcome any ideas including remote assistance.

 

 

 

 

Could you please share a fresh show run, show version and show inventory outputs? You can sanitize your Serial numbers and Public IPs.

Yes, we expect to see these translations created dynamically once you initiate the traffic from the outside:

TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46906 198.199.98.246:46906
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46908 198.199.98.246:46908
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46909 198.199.98.246:46909
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46910 198.199.98.246:46910
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46911 198.199.98.246:46911
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46913 198.199.98.246:46913
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46914 198.199.98.246:46914
tcp 166.168.999.999:6969 192.168.69.223:6969 198.199.98.246:46916 198.199.98.246:46916
tcp 166.168.999.999:6969 192.168.69.223:6969 --- ---

So those aren't always happening, right?

Yes, it should be working.

20:26:04.120 DST Sun Jun 2 2019
TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro  These are happening now?
Pro Inside global Inside local Outside local Outside global
tcp 166.168.11.161:2697 192.168.69.223:2697 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50153 198.199.98.246:50153
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50158 198.199.98.246:50158
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50160 198.199.98.246:50160
tcp 166.168.11.161:6969 192.168.69.223:6969 --- ---
gre 166.168.11.161:36272 192.168.69.223:36272 206.123.129.1:36272 206.123.129.1:36272
gre 166.168.11.161:47426 192.168.69.223:47426 206.123.129.1:47426 206.123.129.1:47426


TDC_CME_Router#sh clock
20:26:04.120 DST Sun Jun 2 2019
TDC_CME_Router#show ip nat translations | include 192.168.69.223|Pro
Pro Inside global Inside local Outside local Outside global
tcp 166.168.11.161:2697 192.168.69.223:2697 206.123.129.1:1723 206.123.129.1:1723
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50153 198.199.98.246:50153
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50158 198.199.98.246:50158
tcp 166.168.11.161:6969 192.168.69.223:6969 198.199.98.246:50160 198.199.98.246:50160
tcp 166.168.11.161:6969 192.168.69.223:6969 --- ---
gre 166.168.11.161:36272 192.168.69.223:36272 206.123.129.1:36272 206.123.129.1:36272
gre 166.168.11.161:47426 192.168.69.223:47426 206.123.129.1:47426 206.123.129.1:47426
TDC_CME_Router#


TDC_CME_Router#sh ver
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.2(4)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 26-Jul-12 23:35 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

TDC_CME_Router uptime is 8 hours, 40 minutes
System returned to ROM by reload at 11:45:49 DST Sun Jun 2 2019
System restarted at 11:47:32 DST Sun Jun 2 2019
System image file is "flash0:c3900-universalk9-mz.SPA.152-4.M1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

Cisco CISCO3925-CHASSIS (revision 1.0) with C3900-SPE100/K9 with 993280K/55296K bytes of memory.
Processor board ID FTX7
1 FastEthernet interface
4 Gigabit Ethernet interfaces
4 terminal lines
1 Virtual Private Network (VPN) Module
4 Cellular interfaces
1 cisco Integrated Service Engine(s)
Cisco WLAN Controller 4.2.205.0 in slot/sub-slot 1/0
1 Services Module (SM) with Services Ready Engine (SRE)
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
511056K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 C3900-SPE100/K9 FOCC

Technology Package License Information for Module:'c3900'

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None

Configuration register is 0x2102


TDC_CME_Router#sh inv
NAME: "CISCO3925-CHASSIS", DESCR: "CISCO3925-CHASSIS"
PID: CISCO3925-CHASSIS , VID: V01 , SN: FTX7

NAME: "Cisco Services Performance Engine 100 for Cisco 3900 ISR on Slot 0", DESCR: "Cisco Services Performance Engine 100 for Cisco 3900 ISR"
PID: C3900-SPE100/K9 , VID: V02 , SN: FOCC

NAME: "One-Port Fast Ethernet High Speed WAN Interface Card on Slot 0 SubSlot 0", DESCR: "One-Port Fast Ethernet High Speed WAN Interface Card"
PID: HWIC-1FE , VID: V01 , SN: FOCF

NAME: "4G WWAN EHWIC - Verizon Multimode LTE/eHRPD/EVDO RevA/Rev0/1xRTT on Slot 0 SubSlot 3", DESCR: "4G WWAN EHWIC - Verizon Multimode LTE/eHRPD/EVDO RevA/Rev0/1xRTT"
PID: EHWIC-4G-LTE-V , VID: V02 , SN: FOCK

NAME: "Modem 0 on Cellular0/3/0", DESCR: "Sierra Wireless MC7750 4G-V"
PID: MC7750 , VID: 10 , SN: 990362

NAME: "PVDM3 DSP DIMM with 64 Channels on Slot 0 SubSlot 4", DESCR: "PVDM3 DSP DIMM with 64 Channels"
PID: PVDM3-64 , VID: V01 , SN: FOCV

NAME: "Network Module Adapter for SM Slot on Slot 1", DESCR: "Network Module Adapter for SM Slot"
PID: SM-NM-ADPTR-S , VID: V01 , SN: FOCZ

NAME: "Integrated Service Engine for Modular and Integrated Services Routers on Slot 1", DESCR: "Integrated Service Engine for Modular and Integrated Services Routers"
PID: NME-AIR-WLC12-K9 , VID: V02 , SN: FOC8

NAME: "Services Module with Services Ready Engine on Slot 2", DESCR: "Services Module with Services Ready Engine"
PID: SM-SRE-700-K9 , VID: V03, SN: FOCL

NAME: "C3900 AC Power Supply 1", DESCR: "C3900 AC Power Supply 1"
PID: PWR-3900-AC , VID: V01 , SN: SNIF


TDC_CME_Router#sh env
SYSTEM POWER SUPPLY STATUS
==========================
Internal Power Supply 1 Type: AC
Internal Power Supply 1 12V Output Status: Normal

Internal Power Supply 2 Type: Absent

SYSTEM FAN STATUS
=================
Fan 1 OK, Low speed setting
Fan 2 OK, Low speed setting
Fan 3 OK, Low speed setting
Fan 4 OK, Low speed setting
Fan 5 OK, Low speed setting

SYSTEM TEMPERATURE STATUS
=========================
Intake Left temperature: 22 Celsius, Normal
Intake Right temperature: 22 Celsius, Normal
Exhaust Right temperature: 23 Celsius, Normal
Exhaust Left temperature: 24 Celsius, Normal
CPU temperature: 54 Celsius, Normal
Power Supply Unit 1 temperature: 29 Celsius, Normal

REAL TIME CLOCK BATTERY STATUS
==============================
Battery OK (checked at power up)

SYSTEM POWER
===============
Motherboard Components Power consumption = 107.0 WPower consumption =
NM/SM slot 1 21.5 WPower consumption =
NM/SM slot 2 35.3 W
Total System Power consumption is: 163.8 W

Environmental information last updated 00:00:14 ago

 

Current configuration : 37377 bytes
!
! No configuration change since last restart
version 15.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime year
service password-encryption
service internal
service sequence-numbers
!
hostname TDC_CME_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$3PY48ml1/
!
no aaa new-model
clock timezone EST -5 0
clock summer-time DST recurring
!
!
crypto pki trustpoint TP-self-signed-33
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-339
revocation-check none
rsakeypair TP-self-signed-339
!
!
crypto pki certificate chain TP-self-signed-3318662159
certificate self-signed 01
quit
!
ip traffic-export profile Anveo mode capture
bidirectional
!
!
!
!
!
!
!
ip dhcp smart-relay
ip dhcp relay information option
ip dhcp excluded-address 10.110.0.1 10.110.0.20
ip dhcp excluded-address 192.168.0.1 192.168.0.155
ip dhcp excluded-address 192.168.0.200 192.168.0.254
ip dhcp excluded-address 192.168.69.1 192.168.69.240
ip dhcp excluded-address 192.168.70.1 192.168.70.20
ip dhcp excluded-address 192.168.200.1 192.168.200.240
ip dhcp excluded-address 192.168.50.1 192.168.50.200
!
ip dhcp pool Voice
network 10.110.0.0 255.255.255.0
default-router 10.110.0.1
option 150 ip 10.110.0.1
dns-server 1.1.1.1
domain-name thecorporation.com
lease 0 12
!
ip dhcp pool Users
network 192.168.69.0 255.255.255.0
default-router 192.168.69.1
domain-name thecorporation.com
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool TempVMware
network 192.168.70.0 255.255.255.0
default-router 192.168.70.1
domain-name thecorporation.com
dns-server 192.168.50.100
lease 0 12
!
ip dhcp pool Wiireless
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
domain-name thecorporation.com
dns-server 1.1.1.1
option 150 ip 10.110.0.1
lease 0 12
!
ip dhcp pool VMware
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.50.5
lease 0 12
!
!
!
ip name-server 1.1.1.1
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK"
password encryption aes
voice-card 0
dsp services dspfarm
!
!
!
voice service voip
ip address trusted list
ipv4 72.999.999.999
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
registrar server
!
voice class codec 1
codec preference 1 g711ulaw
!
!
voice register global
max-dn 100
max-pool 100
!
voice register pool 50
no digit collect kpml
!
!
!
voice translation-rule 2
rule 1 /\([2-9].........\)/ /1\1/
!
voice translation-rule 3
rule 1 /411/ /18003733411/
!
voice translation-rule 4
rule 1 reject /0/
!
voice translation-rule 5
rule 1 /611/ /13865551212/
!
voice translation-rule 10
rule 1 /11../ /3865551313/
rule 2 /12../ /38655511414/
!
!
voice translation-profile BLOCK-INBOUND
translate calling 4
!
voice translation-profile Eleven_Digit_Dialing
translate calling 10
!
voice translation-profile Free_411
translate called 3
!
voice translation-profile Incoming_calls
translate called 1
!
voice translation-profile Support
translate called 5
!
voice translation-profile Ten_Digit_Dialing
translate calling 10
translate called 2
!
!
!
license udi pid C3900-SPE100/K9 sn FOC1C
license accept end user agreement
license boot module c3900 technology-package securityk9
license boot module c3900 technology-package uck9
hw-module pvdm 0/0
!
hw-module sm 1
!
hw-module sm 2
!
!
!
dial-control-mib retain-timer 10080
dial-control-mib max-size 500
username mdurham privilege 15 password 7 05343
!
redundancy
notification-timer 60000
!
!
!
!
!
controller Cellular 0/3
!
!
track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!
!
crypto isakmp policy 100
encr aes 256
hash sha512
authentication pre-share
group 16
lifetime 3600
crypto isakmp key 6 5551212 address 0.0.0.0
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set support ah-sha512-hmac esp-3des
!
crypto ipsec profile support
set security-association lifetime seconds 86400
set transform-set support
!
!
interface Tunnel1
description mGRE - DMVPN Tunnel for customer remote support
ip address 172.16.0.1 255.255.0.0
no ip redirects
ip nhrp authentication 123456
ip nhrp map multicast dynamic
ip nhrp network-id 555
tunnel source 166.168.999.999
tunnel mode gre multipoint
tunnel protection ipsec profile support
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
no ip route-cache cef
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description Sommer's Network
encapsulation dot1Q 2
ip address 192.168.0.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.50
description "VMWare Server HP DL160 Server 3"
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.69
description "Data Network"
encapsulation dot1Q 69 native
ip address 192.168.69.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.110
description "Voice Network"
encapsulation dot1Q 110
ip address 10.110.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.200
description "Wireless - Guest User Network"
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/1
description "VMWare Server Dell R620 Server 1"
ip address 192.168.51.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Connection to Verizon 4G Internet
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
interface Integrated-Service-Engine1/0
no ip address
shutdown
no keepalive
!
interface SM2/0
description Unity-Express-Service
ip unnumbered GigabitEthernet0/0.110
ip nat inside
ip virtual-reassembly in
service-module fail-open
service-module ip address 10.110.0.2 255.255.255.0
service-module ip default-gateway 10.110.0.1
!
interface SM2/1
description Internal switch interface connected to Service Module
no ip address
!
interface Cellular0/3/0
ip address negotiated
ip access-group TEST in
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
pulse-time 0
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 123456
dialer persistent
dialer-group 1
no cdp enable
!
!
router eigrp 1577
network 10.110.0.0 0.0.0.255
network 192.168.0.0
network 192.168.50.0
network 192.168.69.0
network 192.168.200.0
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:CME_GUI
!
no ip nat service sip udp port 5060
ip nat inside source list 151 interface Cellular0/3/0 overload
ip nat inside source static tcp 192.168.69.223 6969 interface Cellular0/3/0 6969
ip route 0.0.0.0 0.0.0.0 Cellular0/3/0 track 10
ip route 0.0.0.0 0.0.0.0 192.168.0.254 10 track 20
ip route 4.2.2.2 255.255.255.255 Cellular0/3/0
ip route 10.110.0.2 255.255.255.255 SM2/0
!
ip access-list extended TEST
permit tcp any host 166.168.999.999 eq 6969
permit ip any any
!
ip sla auto discovery
ip sla 1
icmp-echo 4.2.2.2 source-interface Cellular0/3/0
threshold 750
timeout 900
frequency 1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.168.0.254 source-ip 192.168.0.253
threshold 750
timeout 900
frequency 1
ip sla schedule 2 life forever start-time now
logging history size 500
access-list 20 remark Networks Allowed onto the Internet
access-list 20 permit 10.110.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
access-list 20 permit 192.168.50.0 0.0.0.255
access-list 20 permit 192.168.51.0 0.0.0.255
access-list 20 permit 192.168.69.0 0.0.0.255
access-list 20 permit 192.168.200.0 0.0.0.255
access-list 20 permit 172.16.0.0 0.0.255.255
access-list 100 remark "Block Guest network to everything except the printers, ntp & the Internet
access-list 100 permit udp host 162.210.111.4 eq ntp host 192.168.200.1 eq ntp
access-list 100 permit ip any host 192.168.69.90
access-list 100 permit ip any host 192.168.69.91
access-list 100 permit ip any host 192.168.69.92
access-list 100 permit ip any 192.168.200.0 0.0.0.15
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip any any
access-list 151 permit ip 10.0.0.0 0.255.255.255 any
access-list 151 permit ip 172.16.0.0 0.15.255.255 any
access-list 151 permit ip 192.168.0.0 0.0.255.255 any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
nls resp-timeout 1
cpd cr-id 1
route-map clear-df permit 10
set ip df 0
!
!
tftp-server flash:PhoneFiles/7921/APPS-1.4.1SR1.SBN alias APPS-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7921/CP7921G-1.4.1SR1.LOADS alias CP7921G-1.4.1SR1.LOADS
tftp-server flash:PhoneFiles/7921/GUI-1.4.1SR1.SBN alias GUI-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7921/SYS-1.4.1SR1.SBN alias SYS-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7921/TNUX-1.4.1SR1.SBN alias TNUX-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7921/TNUXR-1.4.1SR1.SBN alias TNUXR-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7921/WLAN-1.4.1SR1.SBN alias WLAN-1.4.1SR1.SBN
tftp-server flash:PhoneFiles/7960/P0030801SR02.bin alias P0030801SR02.bin
tftp-server flash:PhoneFiles/7960/P0030801SR02.loads alias P0030801SR02.loads
tftp-server flash:PhoneFiles/7960/P0030801SR02.sb2 alias P0030801SR02.sb2
tftp-server flash:PhoneFiles/7960/P0030801SR02.sbn alias P0030801SR02.sbn
tftp-server flash:PhoneFiles/7961/apps41.9-2-1TH1-13.sbn alias apps41.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7961/cnu41.9-2-1TH1-13.sbn alias cnu41.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7961/cvm41sccp.9-2-1TH1-13.sbn alias cvm41sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7961/dsp41.9-2-1TH1-13.sbn alias dsp41.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7961/jar41sccp.9-2-1TH1-13.sbn alias jar41sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7961/SCCP41.9-2-1S.loads alias SCCP41.9-2-1S.loads
tftp-server flash:PhoneFiles/7961/term41.default.loads alias term41.default.loads
tftp-server flash:PhoneFiles/7961/term61.default.loads alias term61.default.loads
tftp-server flash:PhoneFiles/7962/apps42.9-2-1TH1-13.sbn alias apps42.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7962/cnu42.9-2-1TH1-13.sbn alias cnu42.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7962/cvm42sccp.9-2-1TH1-13.sbn alias cvm42sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7962/dsp42.9-2-1TH1-13.sbn alias dsp42.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7962/jar42sccp.9-2-1TH1-13.sbn alias jar42sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7962/SCCP42.9-2-1S.loads alias SCCP42.9-2-1S.loads
tftp-server flash:PhoneFiles/7962/term42.default.loads alias term42.default.loads
tftp-server flash:PhoneFiles/7962/term62.default.loads alias term62.default.loads
tftp-server flash:PhoneFiles/7965/apps45.9-1-1TH1-16.sbn alias apps45.9-1-1TH1-16.sbn
tftp-server flash:PhoneFiles/7965/cnu45.9-1-1TH1-16.sbn alias cnu45.9-1-1TH1-16.sbn
tftp-server flash:PhoneFiles/7965/cvm45sccp.9-1-1TH1-16.sbn alias cvm45sccp.9-1-1TH1-16.sbn
tftp-server flash:PhoneFiles/7985/cmterm_7985.4-1-7-0.bin alias cmterm_7985.4-1-7-0.bin
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:Desktops/320x216x16/CTS_80x54.png
tftp-server flash:Desktops/320x216x16/CTS_320x216.png
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:Desktops/320x212x16/CTS_80x53.png
tftp-server flash:Desktops/320x212x16/CTS_320x212.png
tftp-server flash:Desktops/640x480x24/List.xml
tftp-server flash:Desktops/640x480x24/CTS_123x111.png
tftp-server flash:Desktops/640x480x24/CTS_640x480.png
tftp-server flash:Desktops/800x600x16/List.xml
tftp-server flash:Desktops/800x600x16/CTS_800x600.png
tftp-server flash:Desktops/320x216x16/PSE_80x54.png
tftp-server flash:Desktops/320x216x16/PSE_320x216.png
tftp-server flash:Desktops/320x212x16/PSE_80x53.png
tftp-server flash:Desktops/320x212x16/PSE_320x212.png
tftp-server flash:Desktops/640x480x24/PSE_640x480.png
tftp-server flash:Desktops/640x480x24/PSE_123x111.png
tftp-server flash:Desktops/800x600x16/PSE_800x600.png
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x212x12/CTS_80x53.png
tftp-server flash:Desktops/320x212x12/CTS_320x212.png
tftp-server flash:Desktops/320x212x12/PSE_80x53.png
tftp-server flash:Desktops/320x212x12/PSE_320x212.png
tftp-server flash:PhoneFiles/8945/BOOT894x.0-0-0-9.bin.sgn alias BOOT894x.0-0-0-9.bin.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin1.sgn alias SCCP894x.9-2-2-0.bin1.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin2.sgn alias SCCP894x.9-2-2-0.bin2.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin3.sgn alias SCCP894x.9-2-2-0.bin3.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin4.sgn alias SCCP894x.9-2-2-0.bin4.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin5.sgn alias SCCP894x.9-2-2-0.bin5.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin6.sgn alias SCCP894x.9-2-2-0.bin6.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin7.sgn alias SCCP894x.9-2-2-0.bin7.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.bin8.sgn alias SCCP894x.9-2-2-0.bin8.sgn
tftp-server flash:PhoneFiles/8945/SCCP894x.9-2-2-0.loads alias SCCP894x.9-2-2-0.loads
tftp-server flash:PhoneFiles/7971/apps70.9-2-1TH1-13.sbn alias apps70.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7971/cnu70.9-2-1TH1-13.sbn alias cnu70.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7971/cvm70sccp.9-2-1TH1-13.sbn alias cvm70sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7971/dsp70.9-2-1TH1-13.sbn alias dsp70.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7971/jar70sccp.9-2-1TH1-13.sbn alias jar70sccp.9-2-1TH1-13.sbn
tftp-server flash:PhoneFiles/7971/SCCP70.9-2-1S.loads alias SCCP70.9-2-1S.loads
tftp-server flash:PhoneFiles/7971/term70.default.loads alias term70.default.loads
tftp-server flash:PhoneFiles/7971/term71.default.loads alias term71.default.loads
tftp-server flash:Desktops/320x216x16/CTS_PSE_320x216.png
tftp-server flash:Desktops/320x216x16/CTS_PSE_80x54.png
tftp-server flash:PhoneFiles/7965/dsp45.9-1-1TH1-16.s1-13.sbn alias cvm45sccp.9-2-1TH1-13.sbn
tftp-server flash:/PhoneFiles/7975/apps75.9-4-2ES26.sbn alias apps75.9-4-2ES26.sbn
tftp-server flash:/PhoneFiles/7975/cnu75.9-4-2ES26.sbn alias cnu75.9-4-2ES26.sbn
tftp-server flash:/PhoneFiles/7975/cvm75sccp.9-4-2ES26.sbn alias cvm75sccp.9-4-2ES26.sbn
tftp-server flash:/PhoneFiles/7975/dsp75.9-4-2ES26.sbn alias dsp75.9-4-2ES26.sbn
tftp-server flash:/PhoneFiles/7975/jar75sccp.9-4-2ES26.sbn alias jar75sccp.9-4-2ES26.sbn
tftp-server flash:/PhoneFiles/7975/SCCP75.9-4-2SR3-1S.loads alias SCCP75.9-4-2SR3-1S.loads
tftp-server flash:/PhoneFiles/7975/term75.default.loads alias term75.default.loads
!
control-plane
!
!
no ccm-manager fax protocol cisco
!
no mgcp package-capability res-package
no mgcp timer receive-rtcp
!
mgcp profile default
!
sccp local GigabitEthernet0/0.110
sccp ccm 10.110.0.1 identifier 1 priority 1 version 7.0
sccp
!
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register tdxcode
associate profile 1 register TDCCONF
!
dspfarm profile 2 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
codec g722-64
codec g729r8
codec ilbc
codec g729br8
codec pass-through
maximum sessions 4
associate application SCCP
!
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 1
associate application SCCP
!
dial-peer cor custom
name LoK_Local
name LoK_National
name LoK_International
name LoK_EMS
!
!
dial-peer cor list Keyring-Local
member LoK_Local
member LoK_EMS
!
dial-peer cor list Keyring-National
member LoK_Local
member LoK_National
member LoK_EMS
!
dial-peer cor list Keyring-International
member LoK_Local
member LoK_National
member LoK_International
member LoK_EMS
!
dial-peer cor list Keyring-EMS-Only
member LoK_EMS
!
dial-peer cor list Door-Local
member LoK_Local
member LoK_EMS
!
dial-peer cor list Door-National
member LoK_Local
member LoK_National
member LoK_EMS
!
dial-peer cor list Door-International
member LoK_Local
member LoK_National
member LoK_International
member LoK_EMS
!
dial-peer cor list Door-EMS-Only
member LoK_EMS
!
!
dial-peer voice 911 voip
corlist outgoing Door-EMS-Only
destination-pattern 911
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
no vad
!
dial-peer voice 100 voip
description *** Incoming Calls VoIP ***
translation-profile incoming Incoming_calls
call-block translation-profile incoming BLOCK-INCOMING
call-block disconnect-cause incoming call-reject
preference 1
session protocol sipv2
session target sip-server
incoming called-number .
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 200 voip
corlist outgoing Door-National
description *** Outbound 11 Digit Dialing Calls ***
translation-profile outgoing Eleven_Digit_Dialing
preference 1
destination-pattern 1[2-9]..[2-9]......$
translate-outgoing called 3
session protocol sipv2
session target sip-server
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 210 voip
corlist outgoing Door-National
description *** Outbound 10 Digit Dialing Calls ***
translation-profile outgoing Ten_Digit_Dialing
preference 1
destination-pattern [2-9].........$
session protocol sipv2
session target sip-server
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 5000 voip
description Dial-peer to the Voicemail System"
destination-pattern 5000
b2bua
session protocol sipv2
session target ipv4:10.110.0.2
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 5050 voip
description Dial-peer to the Auto Attendant"
destination-pattern 5050
b2bua
session protocol sipv2
session target ipv4:10.110.0.2
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 5051 voip
description Dial-peer to the CUE Management System"
destination-pattern 5051
b2bua
session protocol sipv2
session target ipv4:10.110.0.2
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 220 voip
corlist outgoing Door-International
description *** Outbound International Calling ***
preference 1
destination-pattern 011T
session protocol sipv2
session target sip-server
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 933 voip
corlist outgoing Door-EMS-Only
destination-pattern 933
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
no vad
!
dial-peer voice 611 voip
corlist outgoing Door-National
description Call Support
translation-profile outgoing Support
destination-pattern 611
b2bua
translate-outgoing called 5
session protocol sipv2
session target sip-server
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 411 voip
corlist outgoing Door-National
description Call Free 411 information service
translation-profile outgoing Free_411
destination-pattern 411
b2bua
translate-outgoing called 3
session protocol sipv2
session target sip-server
dtmf-relay sip-notify
codec g711ulaw
no vad
!
!
gateway
timer receive-rtp 1200
!
sip-ua
credentials username 604 password 7 0822 realm anveo.com
authentication username 604 password 7 0100 realm anveo.com
mwi-server ipv4:10.110.0.2 expires 3600 port 5060 transport udp unsolicited
registrar dns:sip.anveo.com:5010 expires 180
sip-server dns:sip.anveo.com:5010
!
!
!
gatekeeper
shutdown
!
!
telephony-service
sdspfarm units 2
sdspfarm tag 1 TDCCONF
sdspfarm tag 2 tdxcode
conference hardware
no auto-reg-ephone
max-ephones 100
max-dn 200
ip source-address 10.110.0.1 port 2000
service phone daysDisplayNotActive 1,7
service phone displayOnTime 08:00
service phone displayOnDuration 12
service phone displayIdleTimeout 00:10
service phone settingsAccess 1
service phone modeOfOperation 1
service phone displaywhebincomingcall 1
system message Solution
url services http://w1.weather.gov/xml/current_obs/KLCQ.xml
load 7921 CP7921G-1.4.1SR1
load 7935 P00503021900
load 7960-7940 P00308000800
load 7962 SCCP42.9-2-1S
load 7971 SCCP70.9-2-1S
load 7975 SCCP75.9-4-2SR3-1S
load 7985 cmterm_7985.4-1-7-0
load 8945 SCCP894x.9-2-2-0
time-zone 12
voicemail 5000
mwi relay
max-conferences 4 gain -6
call-park system redirect
call-park system application
multicast moh 239.2.2.2 port 2000
web admin system name mdurham password
dn-webedit
time-webedit
transfer-system full-consult
after-hours block pattern 1 1010 7-24
after-hours block pattern 2 1900 7-24
fac standard
create cnf-files version-stamp 7960 Jun 01 2019 20:06:39
!
!
ephone-template 1
softkeys remote-in-use CBarge Newcall
softkeys hold Resume Newcall Join
softkeys idle Redial Newcall Cfwdall Dnd Mobility Pickup Join
softkeys connected Hold Endcall Park Trnsfer Confrn Join Select Mobility ConfList Acct
!
!
ephone-dn 1 octo-line
number 13865551313 no-reg both
label Main
description Main Line
name Sys
mobility
snr calling-number local
snr 3865551515 delay 1 timeout 25 cfwd-noan 5000
snr ring-stop
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 3 octo-line
number 13865551414 no-reg both
label Main
description s line
name Exp
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 5 octo-line
number 1200 no-reg both
label Technologies
description Technologies line
name PhnSysExp
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 11 dual-line
number 1111 no-reg both
label Michael T. Durham
description Michael T. Durham
name Michael T. Durham
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-International
!
!
ephone-dn 12 dual-line
number 1112 no-reg both
label Lacey
description Lacey Desk Phone
name Lacey
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 13 dual-line
number 1113 no-reg both
label Michael's Bench
description Michael's phone
name Michael's Bench
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 14 dual-line
number 1114 no-reg both
label Shop Desk
description Shop Desk phone
name Shop Desk
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 15 dual-line
number 1115 no-reg both
label Paint Shop
description Paint Shop Desk phone
name Paint Shop
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 16 dual-line
number 1116 no-reg both
label WorkShop
description WorkShop Desk phone
name WorkShop
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 21
number 1121 no-reg both
label Garage Phone
trunk 1100
!
!
ephone-dn 22 dual-line
number 1122 no-reg both
label Living Room
description Living Room
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 23 dual-line
number 1123
label Michael's
description Michael's Phone
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 24 dual-line
number 1124 no-reg both
label Guest
description Guest Phone
call-forward busy 5000
call-forward noan 5000 timeout 17
corlist incoming Keyring-National
!
!
ephone-dn 31 dual-line
number 1131 no-reg both
label WiFi
description Wifi Phone
call-forward busy 5000
call-forward noan 5000 timeout 25
corlist incoming Keyring-National
!
!
ephone-dn 100
number A2100 no-reg both
description Intercom from Michael's Office to Lacey
intercom A2101 no-mute label "Lacey
!
!
ephone-dn 101
number A2101 no-reg both
description Intercom from Lacey to Michael's Office
intercom A2100 no-mute label "Michael's Office"
!
!
ephone-dn 102
number A2102 no-reg both
description Intercom frm Michael Office to Shop
intercom A2103 no-mute label "Shop Desk"
!
!
ephone-dn 103
number A2103 no-reg both
description Intercom frm Shop to Michael Office
intercom A2102 no-mute label "Michael's Office"
!
!
ephone-dn 104
number A2104 no-reg both
description Intercom from Michael to Paint Shop
intercom A2105 no-mute label "Paint Shop"
!
!
ephone-dn 105
number A2105 no-reg both
description Intercom frm Paint Shop to Michael Offic
intercom A2104 no-mute label "Michael's Office"
!
!
ephone-dn 106
number A2106 no-reg both
description Intercom frm Michael Office to Living Rm
intercom A2107 no-mute label "Living Room"
!
!
ephone-dn 107
number A2107 no-reg both
description Intercom frm Living Room to Michael Offi
intercom A2106 no-mute label "Michael's Office"
!
!
ephone-dn 108
number A2108 no-reg both
description Intercom from Lacey to Paint Shop
intercom A2109 no-mute label "Paint Shop"
!
!
ephone-dn 109
number A2109 no-reg both
description Intercom from Paint Shop to Lacey
intercom A2108 no-mute label "Lacey
!
ephone-dn 110
number A2110 no-reg both
description Intercom from Lacey to Living Room
intercom A2111 no-mute label "Living Room"
!
!
ephone-dn 111
number A2111 no-reg both
description Intercom from Living Room to Lacey
intercom A2110 no-mute label "Lacey
!
!
ephone-dn 112
number A2112 no-reg both
description Intercom from Lacey to Michael's
intercom A2113 no-mute label "Michael's
!
!
ephone-dn 113
number A2113 no-reg both
description Intercom from Michael's to Lacey
intercom A2112 no-mute label "Lacey
!
!
ephone-dn 114
number A2114 no-reg both
description Intercom from Shop to Paint Shop
intercom A2115 no-mute label "Paint Shop"
!
!
ephone-dn 115
number A2115 no-reg both
description Intercom from Paint Shop to Shop
intercom A2114 no-mute label "Shop Desk"
!
!
ephone-dn 116
number A2116 no-reg both
description Intercom from Shop to Living Room
intercom A2117 no-mute label "Living Room"
!
!
ephone-dn 117
number A2117 no-reg both
description Intercom from Living Room to Shop
intercom A2116 no-mute label "Shop Desk"
!
!
ephone-dn 118
number A2118 no-reg both
description Intercom from Paint Shop to Living Rm
intercom A2119 no-mute label "Living Room"
!
!
ephone-dn 119
number A2119 no-reg both
description Intercom frm Living Room to Paint Shop
intercom A2118 no-mute label "Paint Shop"
!
!
ephone-dn 120
number A2120 no-reg both
description Intercom frm Michael's to Livi
intercom A2121 no-mute label "Living Room"
!
!
ephone-dn 121
number A2121 no-reg both
description Intercom frm Living Rm to Michael's
intercom A2120 no-mute label "Michael's
!
!
ephone-dn 122
number A2122 no-reg both
description Intercom frm Michael's to Shop
intercom A2123 no-mute label "Shop Desk"
!
!
ephone-dn 123
number A2123 no-reg both
description Intercom frm Shop to Michael's
intercom A2122 no-mute label "Michael's
!
!
ephone-dn 124
number A2124 no-reg both
description Intercom frm Michael's to Paint Shop
intercom A2125 no-mute label "Paint Shop"
!
!
ephone-dn 125
number A2125 no-reg both
description Intercom frm Paint Shop to Michael's
intercom A2124 no-mute label "Michael's
!
!
ephone-dn 126
number A2126 no-reg both
description Intercom frm Michael Of to Michael's
intercom A2127 no-mute label "Michael's
!
!
ephone-dn 127
number A2127 no-reg both
description Intercom frm Michael's to Michael Of
intercom A2126 no-mute label "Michael's Office"
!
!
ephone-dn 128
number A2128 no-reg both
description Intercom frm Lacey to Workshop
intercom A2129 no-mute label "Workshop"
!
!
ephone-dn 129
number A2129 no-reg both
description Intercom frm Workshop to Lacey
intercom A2128 no-mute label "Lacey"
!
!
ephone-dn 130
number A2130 no-reg both
description Intercom frm LivingRm to Workshop
intercom A2131 no-mute label "Workshop"
!
!
ephone-dn 131
number A2131 no-reg both
description Intercom frm Workshop to LivingR,
intercom A2130 no-mute label "Living Room"
!
!
ephone-dn 180
number 3000 no-reg both
park-slot timeout 300 limit 3 notify 13865551212 transfer 5000
name Call Park 3000
!
!
ephone-dn 181
number 3001 no-reg both
park-slot timeout 300 limit 3 notify 13865551212 transfer 5000
name Call Park 3001
!
!
ephone-dn 190
number 4000 no-reg both
park-slot timeout 300 limit 3 notify 13865551313 transfer 6000
name Call Park 4000
!
!
ephone-dn 191
number 4001 no-reg both
park-slot timeout 300 limit 3 notify 13865551313 transfer 6000
name Call Park 4001
!
!
ephone-dn 196 octo-line
number AA01 no-reg both
conference ad-hoc
!
!
ephone-dn 197
number 6998.... no-reg both
mwi off
!
!
ephone-dn 198
number 6999.... no-reg both
mwi on
!
!
ephone-dn 199
number 5998.... no-reg both
mwi off
!
!
ephone-dn 200
number 5999.... no-reg both
mwi on
!
!
ephone 11
device-security-mode none
description "Michael T. Durham"
mac-address 5C50.1545.AA9F
ephone-template 1
speed-dial 1 3865551234 label "Lacey's Cell"
type 7975
mwi-line 2
button 1:11 2:1 3f3 4:100
button 5:102 6:126 7:106 8:104
!
!
!
ephone 12
device-security-mode none
description Lacey
mac-address 5C50.1545.A769
ephone-template 1
speed-dial 1 9045551111 label "FedEx Ryan"
speed-dial 2 3865551515 label "Michael' Cell"
speed-dial 3 A2128 label "WorkShop"
type 7975
button 1:12 2:1 3f3 4:101
button 5:108 6:112 7:110
!
!
!
ephone 13
device-security-mode none
description "Michael's Bench Phone"
mac-address 0026.0B5C.795D
ephone-template 1
type 7945
button 1:1 2f3
!
!
!
ephone 14
device-security-mode none
description Lacey's Desk phone
mac-address 5C50.1545.A8A6
ephone-template 1
speed-dial 1 9045551111 label "FedEx Ryan"
speed-dial 2 3865551515 label "Michael's Cell"
type 7975
button 1:14 2:1 3f3 4:103
button 5:114 6:123 7:116
!
!
!
ephone 15
device-security-mode none
description "Paint Shop"
mac-address 0015.C696.E15A
ephone-template 1
speed-dial 2 3865551515 label "Michael' Cell"
type 7970
button 1:15 2:1 3f3 4:105
button 5:115 6:125 7:118 8:109
!
!
!
ephone 16
device-security-mode none
description "WorkShop"
mac-address 0016.C7AE.E08C
ephone-template 1
speed-dial 1 3865551234 label "Lacey's Cell"
speed-dial 2 A2129 label "Lacey McGee"
type 7970
button 1:16 2:1 3f3 4:105
button 5:115 6:125 7:118 8:109
!
!
!
ephone 21
device-security-mode none
description "Garage Phone"
mac-address 0011.93C2.AE67
type 7905
button 1:21
!
!
!
ephone 22
device-security-mode none
description living room 7975 phone
mac-address 5C50.1545.AA1D
ephone-template 1
speed-dial 2 386555155 label "Michael' Cell"
type 7975
mwi-line 2
button 1:22 2:1 3f3 4:111
button 5:117 6:121 7:107 8:119
!
!
!
ephone 23
device-security-mode none
description Michael's Phone
mac-address 081F.F363.AA88
ephone-template 1
speed-dial 1 3865551234 label "Lacey's Cell"
type 7975
mwi-line 2
button 1:23 2:1 3f3 4:113
button 5:122 6:127 7:120 8:124
!
!
!
ephone 24
device-security-mode none
description Guest Phone
!
!
!
ephone 31
device-security-mode none
description Color WiFi Phoen
mac-address 0022.90FD.8AA4
ephone-template 1
max-calls-per-button 4
type 7921
mwi-line 2
button 1:31 2:1 3f3
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/3/0
script dialer ltescript
modem InOut
no exec
transport input telnet
rxspeed 100000000
txspeed 50000000
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line 131
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password 7 072F5D
logging synchronous
login local
terminal-type monitor
transport input telnet ssh
transport output telnet
line vty 5 15
privilege level 15
password 7 11246F75
logging synchronous
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 1.north-america.pool.ntp.org
ntp server 2.north-america.pool.ntp.org
ntp server 103.105.51.156 minpoll 10
ntp server 0.north-america.pool.ntp.org
ntp server 3.north-america.pool.ntp.org
!
end
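
An added example, not part of the original post and not Cisco tooling: a small Python check over the "line" sections of the configuration above that flags management-plane settings a reviewer would question before exposing more ports, such as Telnet accepted on the vty lines (the scan at the top of the thread shows 23/tcp open). The finding names and the <redacted> password placeholder are assumptions of this example.

```python
# Excerpt of the "line" sections from the configuration posted above, flush-left
# as the forum rendered it. Password strings are replaced with a placeholder.
SAMPLE_CONFIG = """\
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
exec-timeout 0 0
privilege level 15
password 7 <redacted>
login local
transport input telnet ssh
transport output telnet
line vty 5 15
privilege level 15
password 7 <redacted>
login local
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
"""


def parse_line_sections(config_text):
    """Return {header: [subcommands]} for every 'line ...' section.

    The forum stripped indentation, so a section is taken to run from its
    'line ...' header to the next 'line ...' header or '!' separator.
    """
    sections, current = {}, None
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = sections.setdefault(cmd, [])
        elif cmd == "!" or not cmd:
            current = None
        elif current is not None:
            current.append(cmd)
    return sections


def audit_line(cmds):
    """Return sorted finding codes (names chosen for this example)."""
    findings = set()
    for cmd in cmds:
        words = cmd.split()
        if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
            findings.add("telnet-in")        # cleartext Telnet accepted on this line
        elif words == ["exec-timeout", "0", "0"]:
            findings.add("no-idle-timeout")  # idle sessions are never disconnected
        elif words[:2] == ["privilege", "level"] and words[2:3] == ["15"]:
            findings.add("priv15-at-login")  # session starts at privilege level 15
        elif words[:2] == ["password", "7"]:
            findings.add("type7-password")   # type 7 is reversible obfuscation
    return sorted(findings)


def audit_config(config_text):
    """Map each 'line ...' header to its findings, omitting clean sections."""
    report = {}
    for header, cmds in parse_line_sections(config_text).items():
        findings = audit_line(cmds)
        if findings:
            report[header] = findings
    return report


if __name__ == "__main__":
    for header, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{header}: {', '.join(findings)}")
```

Pasting the full running-config into SAMPLE_CONFIG works the same way, since only the "line" sections are inspected.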

Is your 192.168.69.223 establishing some VPN tunnel with a remote Server?

Yes, but it is NOT using the interface Tunnel1 in the 3945's config and it is not listening on port 6969. The 192.168.69.223 server is using Microsoft's VPN client to connect to PureVPN on ports 8080, 9090 and a few others. The server is running CrushFTP only. I can point to 192.168.69.61, which is a different server and does not have any VPNs connected, and get back to you.