Port Forward not working on 1841

Mark
Level 1

Any help would be appreciated greatly. Trying to get RDP working.

 

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO_1841
!
boot-start-marker
boot config flash:running-config
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$NQDK$tuRCWqVxH7tRsZdHSczUJ1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network default local
aaa authorization network groupauthor local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.25
!
ip dhcp pool DATA
network 192.168.100.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.100.1
!
ip dhcp pool WIRELESS
network 192.168.103.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.103.1
!
ip dhcp pool CANON
host 192.168.100.5 255.255.255.0
client-identifier 0100.1e8f.39c0.c4
!
ip dhcp pool MONITOR
host 192.168.100.174 255.255.255.0
client-identifier 0100.2170.476e.10
!
ip dhcp pool VOIP
network 192.168.102.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.102.1
!
ip dhcp pool SUT
network 192.168.101.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.101.1
!
ip dhcp pool XBOX
host 192.168.100.9 255.255.255.0
client-identifier 0100.25ae.6666.09
!
!
ip ddns update method no-ip
HTTP
add http://northnet:xxxxx@dynupdate.no-ip.com/nic/update?hostname=northshire.no-ip.biz&myip=xxx.xxx.xxx.xxx
interval maximum 0 4 0 0
!
!
async-bootp dns-server 8.8.8.8
!
crypto pki trustpoint TP-self-signed-2714623577
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2714623577
revocation-check none
rsakeypair TP-self-signed-2714623577
!
!
crypto pki certificate chain TP-self-signed-2714623577
certificate self-signed 01
quit
username administrator secret 5 $1$ffKd$1jNa1UZmYz8x/wmHWowlh.
username northnet secret 5 $1$ePv7$ohkQUL0maM1RbPOMF/Sxg/
username mchila secret 5 $1$9Qku$fWUZUC68QFEp43q2fMwd31
username admin privilege 15 password 7 0305550F140A36181B504E
username vpn privilege 15 secret 5 $1$eXR.$oGpc7tWWGlf0LwDX6NMag0
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local VPN
!
crypto isakmp client configuration group vpnclient
key northnetvpn
dns 8.8.8.8
pool VPN
acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
crypto map intmap client configuration address initiate
!
!
!
interface FastEthernet0/0
ip ddns update hostname northshire.no-ip.biz
ip ddns update no-ip
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map clientmap
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip address 192.168.103.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Serial0/0/0
no ip address
shutdown
!
ip local pool VPN 10.10.10.10 10.10.10.50
no ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 111 interface FastEthernet0/0 overload
ip nat inside source static esp 192.168.100.1 interface FastEthernet0/0
ip nat inside source static tcp 192.168.100.1 22 interface FastEthernet0/0 22
ip nat inside source static udp 192.168.100.9 3074 interface FastEthernet0/0 3074
ip nat inside source static udp 192.168.100.9 88 interface FastEthernet0/0 88
ip nat inside source static udp 192.168.100.9 53 interface FastEthernet0/0 53
ip nat inside source static udp 192.168.100.9 80 interface FastEthernet0/0 80
ip nat inside source static udp 192.168.100.9 500 interface FastEthernet0/0 500
ip nat inside source static udp 192.168.100.9 3544 interface FastEthernet0/0 3544
ip nat inside source static udp 192.168.100.9 4500 interface FastEthernet0/0 4500
ip nat inside source static tcp 192.168.100.53 3389 76.19.253.160 3389 extendable
ip dns server
!
access-list 101 remark Allowed VPN Traffic
access-list 101 permit ip 192.168.100.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 192.168.101.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 192.168.102.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 192.168.103.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 remark NAT and Split Tunnel
access-list 111 deny ip 192.168.100.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 deny ip 192.168.101.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 deny ip 192.168.102.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 deny ip 192.168.103.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit ip any any
!
!
control-plane
!
!
line con 0
line aux 0
transport input ssh
line vty 0 4
privilege level 15
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179040
ntp server 198.144.194.12 prefer
end

 

2 Replies

Hello,

 

I am not sure how static NAT works with DHCP assigned addresses, or if it matters at all. For the sake of testing, try if:

 

ip nat inside source static tcp 192.168.100.53 3389 interface FastEthernet0/0 3389

 

works.

Troy Jackson
Level 1

The "extendable" keyword is used if you want to NAT a private or source address to more than one public or mapped address. Do you need the address to be the "76.19" address? If it is usable from your ISP, try using a 1-to-1 static without the port forward. Ex. ip nat inside source static 192.168.100.53 76.19.253.160. If you can't do this due to a requirement, try using the interface F0/0.

 

Please remember to rate useful posts, by clicking on the star below.
-Troy J.
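
Added example, not part of the original thread or any Cisco tool: a small Python audit that lists every port forward in a pasted IOS configuration and flags the condition both replies ask the poster to test, a static NAT entry pinned to a literal global IP while the outside interface takes its address from DHCP. The function names and the trimmed sample are assumptions made for this illustration; the sample lines are copied from the configuration posted above.

```python
import re

# Constructed sample: a few lines copied from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
ip address dhcp
ip nat outside
!
ip nat inside source static tcp 192.168.100.1 22 interface FastEthernet0/0 22
ip nat inside source static udp 192.168.100.9 3074 interface FastEthernet0/0 3074
ip nat inside source static tcp 192.168.100.53 3389 76.19.253.160 3389 extendable
"""

# Port-based static NAT: the global side is either "interface <name>" or a literal IP.
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)( extendable)?$"
)

def outside_interfaces(config):
    """Map each 'ip nat outside' interface to True if it uses 'ip address dhcp'."""
    found, name, seen = {}, None, set()
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()  # works for indented and flattened pastes alike
        if line == "!" or line.startswith("interface "):
            if name and "ip nat outside" in seen:
                found[name] = "ip address dhcp" in seen
            name = line.split()[1] if line.startswith("interface ") else None
            seen = set()
        elif name:
            seen.add(line)
    return found

def static_forwards(config):
    """Return one dict per port forward, i.e. each inside service exposed outside."""
    forwards = []
    for raw in config.splitlines():
        m = STATIC_RE.match(raw.strip())
        if m:
            proto, host, lport, iface, gip, gport, ext = m.groups()
            forwards.append({"proto": proto, "inside": host, "inside_port": int(lport),
                             "global": gip or iface, "global_port": int(gport),
                             "literal_ip": gip is not None, "extendable": bool(ext)})
    return forwards

def hardcoded_on_dhcp(config):
    """Forwards pinned to a literal global IP while an outside interface uses DHCP."""
    dhcp = any(outside_interfaces(config).values())
    return [f for f in static_forwards(config) if dhcp and f["literal_ip"]]
```

Calling hardcoded_on_dhcp(SAMPLE_CONFIG) returns only the RDP entry for 192.168.100.53; the list from static_forwards doubles as an inventory of what the router exposes on its outside interface.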