01-02-2020 05:37 AM
Hi,
I'm completely new to Cisco products, and would like to configure port forwarding in order to access my office server from my home laptop. My Cisco router is 881-k9 v01, and I've gone through a couple of commands but it's all very confusing.
All I've managed to do is connect through console using PuTTY. I'd appreciate the help.
01-02-2020 07:40 AM
Hello,
Here is a basic sample configuration:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 4.2.2.2
!
ip cef
!
username admin privilege 15 secret 5 $1$P4qP$h1hBpRrCmd2ZfOk/g9/yX0
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN
ip address dhcp
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
password console
logging synchronous
login
no modem enable
line aux 0
password backdoor
login
line vty 0 4
password telnet
login
!
scheduler max-task-time 5000
end
01-02-2020 10:48 AM
Thanks Georg
01-02-2020 10:14 AM
Hello
You need to elaborate a little bit more:
First of all, where does this Cisco router reside (office or home)?
If at home, is public web access already available to your office web server, or does this need setting up also?
If the router is at the office and you need to implement web access, does the router sit behind any firewall?
01-02-2020 10:49 AM
Hey Paul,
The router resides at the office and doesn't sit behind a firewall
01-02-2020 12:04 PM - edited 01-02-2020 12:05 PM
Hello
@Mvuvi wrote:
Hey Paul,
The router resides at the office and doesn't sit behind a firewall
Thanks for the clarification. So apart from NAT running on this router, does it have any software security feature enabled, such as zone-based firewall (ZBFW) or context-based access control (CBAC)?
Can you post the configuration of the router, if applicable, and leave out any public addressing or passwords etc.
01-06-2020 05:05 AM - edited 01-06-2020 05:21 AM
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Meridian_Anniversary
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address xxx.xxx.x.x xxx.xxx.x.x
ip dhcp excluded-address xxx.xxx.x.xxx
!
ip dhcp pool ANNIVERSARRY
network xxx.xxx.x.x xxx.xxx.xxx.x
default-router xxx.xxx.x.x
dns-server xxx.xxx.xxx.xx x.x.x.x xx.xxx.xx.xx
!
!
!
ip name-server xx.xxx.xx.xx
ip name-server x.x.x.x
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FCZ1825C106
!
!
username soc password 7 xxxxxxxxxxxx
username admin password 0 xxxxxxxxx
username meridian password 7 xxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key Meridian!2013 address xxx.xxx.xxx.xx
!
!
crypto ipsec transform-set HQ-LAVINGTON esp-3des esp-md5-hmac
mode transport
!
!
crypto ipsec profile protect-gre
set security-association lifetime seconds 86400
set transform-set HQ-LAVINGTON
!
!
!
!
!
!
!
interface Tunnel10
description TUNNEL-LAVINGTON-TOWN
ip address xxx.xx.xx.x xxx.xxx.xxx.xxx
tunnel source xx.xx.xxx.xxx
tunnel destination xxx.xxx.xxx.xx
tunnel protection ipsec profile protect-gre
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description JTL INTERNET
no ip address
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
description LAN
ip address xxx.xxx.x.x xxx.xxx.xxx.x
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
description JTL_WAN
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname Meridian
ppp chap password 7 xxxxxxxxxxxxxxxxxx
ppp pap sent-username Meridian password 7 xxxxxxxxxxxxxxxxx
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp xxx.xxx.x.xxx xxxx xx.xx.xxx.xxx xxxx extendable
ip nat inside source static tcp xxx.xxx.x.xxx xxxx xx.xx.xxx.xxx xxxx extendable
ip route 0.0.0.0 0.0.0.0 Dialer1 name JTL-Internet
ip route xxx.xxx.x.xxx xxx.xxx.xxx.x xxx.xxx.x.xxx name route_to_Lavington
!
!
access-list 102 permit ip xxx.xxx.x.x x.x.x.xxx any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
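Added example, not part of any post in this thread and not Cisco tooling: a small Python check for the weak settings visible in the two configurations above (cleartext and type 7 passwords, 3DES/MD5/group 2 IKE, and static NAT port forwards on an outside interface with no inbound ACL). The sample config is constructed, and `audit`, `LINE_CHECKS` and the finding texts are hypothetical names.

```python
import re

# Constructed sample modelled on patterns in the configs posted in this thread;
# addresses are documentation ranges and secrets are placeholders.
SAMPLE_CONFIG = """\
no service password-encryption
username admin password 0 PLACEHOLDER
username soc password 7 PLACEHOLDER
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
!
interface Dialer1
 ip nat outside
!
ip nat inside source static tcp 192.0.2.10 3389 203.0.113.5 3389 extendable
line vty 0 4
 password PLACEHOLDER
"""

# Single-line checks: (regex applied to the stripped line, finding text).
LINE_CHECKS = [
    (r"^no service password-encryption$", "line passwords kept in cleartext"),
    (r"^username \S+ password 0 ", "cleartext (type 0) user password"),
    (r"^username \S+ password 7 ", "reversible (type 7) user password"),
    (r"^password (?!7 )\S", "cleartext line password"),
    (r"^encr (des|3des)$", "legacy IKE cipher"),
    (r"^hash md5$", "legacy IKE hash"),
    (r"^group [125]$", "weak IKE Diffie-Hellman group"),
]

def audit(config):
    findings, forwards, outside, filtered, iface = [], [], set(), set(), None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()   # tolerate configs whose indentation was lost
        findings += [(n, msg) for rx, msg in LINE_CHECKS if re.search(rx, line)]
        m = re.match(r"interface (\S+)", line)
        if m or line == "!":                  # "!" or a new interface ends the block
            iface = m.group(1) if m else None
        elif iface and line == "ip nat outside":
            outside.add(iface)
        elif iface and re.match(r"ip access-group \S+ in$", line):
            filtered.add(iface)
        elif re.match(r"ip nat inside source static (tcp|udp) ", line):
            forwards.append(n)
    for name in sorted(outside - filtered):   # forwards exposed on an unfiltered WAN side
        findings += [(n, f"port forward open to any source via {name}") for n in forwards]
    return sorted(findings)                   # list of (line_number, message)
```

The inbound-ACL test is a heuristic: it only reports that no `ip access-group ... in` exists on the NAT outside interface, and it does not inspect the ACL's contents or detect ZBFW/CBAC policies.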