Open port outgoing and incoming Cisco router

papathimiu
Level 1

Hi everyone


I am having a problem with the following scenario.

I have a small server at home. I have configured NAT and I can connect to the server from the WAN. There are two special ports which I need to connect to from outside, and the server needs to connect to some service provider (not the ISP). Let's say ports 2064 and 2065.

I have the following on the router:


interface Dialer1
ip nat outside
interface GigabitEthernet0/1
ip address 192.168.2.10 255.255.255.0
ip nat inside


ip policy route-map HTTP_NEXTHOP

ip nat inside source static tcp 192.168.2.30 2064 142.115.23.152 2064 extendable
ip nat inside source static tcp 192.168.2.30 2065 142.115.23.152 2065 extendable


ip nat inside destination list HTTP pool 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0


ip access-list extended HTTP
permit tcp any any eq 2064
permit tcp any any eq 2065


route-map HTTP_NEXTHOP permit 10
match ip address HTTP
set ip next-hop 192.168.2.30


I still cannot go outbound on those two ports.


Any ideas would be greatly appreciated.


4 Replies

balaji.bandi
Hall of Fame

Do you have a generic outbound NAT traffic ACL rule? Can you post the full configuration?


BB


Hi balaji

Thank you for the reply.

I have the NAT rule and the ACL in place. I think it is properly done.

Maybe I am missing something on it.

papathimiu
Level 1

Webserver#show run
Building configuration...


Current configuration : 5240 bytes
!
! Last configuration change at 22:45:47 UTC Wed Jul 22 2020
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Webserver
!
no ip domain lookup

interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Wan-Interface
no ip address
ip policy route-map HTTP_NEXTHOP
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.2.10 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 10
ppp authentication pap callin
ppp ipcp route default
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool 1 192.168.2.30 192.168.2.30 netmask 255.255.255.0 type rotary
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.2.30 80 interface Dialer1 80
ip nat inside source static tcp 192.168.2.30 53 interface Dialer1 53
ip nat inside source static udp 192.168.2.30 53 interface Dialer1 53
ip nat inside source static tcp 192.168.2.30 2086 interface Dialer1 2064
ip nat inside source static tcp 192.168.2.30 2087 interface Dialer1 2065

ip nat inside destination list 101 pool 1
ip nat inside destination list HTTP pool 1
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended HTTP
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq domain
permit udp any any eq domain
permit tcp any any
permit udp any any
permit tcp any any eq 2064
permit tcp any any eq 2065
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit tcp any any eq 2064
access-list 101 permit tcp any any eq 2065
!
nls resp-timeout 1
cpd cr-id 1
route-map HTTP_NEXTHOP permit 10
match ip address HTTP
set ip next-hop 192.168.2.30
!
!
!
control-plane
!
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input telnet
!
scheduler allocate 20000 1000
!
end
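An added config-audit script, not from the thread or from Cisco, that lints the running config posted above for three things a reviewer would want surfaced: static PAT entries whose inside and outside ports differ (the post asks for 2064 and 2065, the entries map inside 2086 and 2087 to them), entries of a named extended ACL that sit after a "permit <proto> any any" catch-all (IOS evaluates entries top-down, so those later entries never match, and a route-map using that ACL policy-routes every packet of that protocol), and clear-text "transport input" on the vty lines. The CONFIG excerpt is constructed from the show run above; the function names are this example's own.

```python
import re
# Constructed excerpt of the running config posted above (not the full output).
CONFIG = """\
ip nat inside source static tcp 192.168.2.30 2086 interface Dialer1 2064
ip nat inside source static tcp 192.168.2.30 2087 interface Dialer1 2065
ip access-list extended HTTP
permit tcp any any eq www
permit tcp any any
permit udp any any
permit tcp any any eq 2064
permit tcp any any eq 2065
line vty 0 4
transport input telnet
"""

STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface \S+|\S+) (\d+)", re.M)

def static_nat_port_mismatches(config):
    """Static PAT entries where inside port != outside port (outside clients hit the latter)."""
    return [(p, ip, int(i), int(o)) for p, ip, i, o in STATIC.findall(config) if i != o]

def shadowed_acl_entries(config, acl_name):
    """Entries of a named extended ACL placed after a 'permit <proto> any any'
    catch-all for the same protocol; IOS matches top-down, so they never fire."""
    shadowed, catch_all, inside = [], set(), False
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:3] == ["ip", "access-list", "extended"]:
            inside = tok[-1] == acl_name
            continue
        if not inside or not tok or tok[0] not in ("permit", "deny"):
            inside = False  # any other line ends the ACL block
            continue
        if "ip" in catch_all or tok[1] in catch_all:
            shadowed.append(" ".join(tok))
        elif tok[0] == "permit" and tok[2:] == ["any", "any"]:
            catch_all.add(tok[1])
    return shadowed

def vty_transports(config):
    """Protocols allowed by 'transport input' under the vty lines ('telnet' = clear text)."""
    inside, protos = False, []
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:1] == ["line"]:
            inside = tok[1] == "vty"
        elif inside and tok[:2] == ["transport", "input"]:
            protos.extend(tok[2:])
    return protos
```

Run the three functions against the full show run output to get the same findings; the regex expects the NAT lines at column 0, as they appear in show run.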

Hello

I see you have specified routed public IP addressing in your PAT entries. Can you confirm if this addressing is allocated to your WAN router?

Also I would say the following isn't required:

no ip nat pool 1 192.168.2.30 192.168.2.30 netmask 255.255.255.0 type rotary
no ip nat inside destination list 101 pool 1
no ip nat inside destination list HTTP pool 1
no route-map HTTP_NEXTHOP
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0



Kind Regards
Paul