Port forwarding on router Cisco 805

leonnikolaou
Level 1

Hi guys, hope you are all well!

I need your lights here.

I have a Cisco router at my office and I need to do port forwarding at my security systems for ports 3000 and 3001, both TCP and UDP, however I'm struggling to do that.

Please find my configuration below and kindly have a look to see what I'm doing wrong. Thanks guys!



boot-start-marker
boot-end-marker
!
enable secret 5 $1$rhffyhcg$8mHzyyIygfffff5g28Jsf.O0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.130
ip dhcp excluded-address 192.168.1.200 192.168.1.250
!
ip dhcp pool OFFICE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server X.X.X.X X.X.X.X
!
!
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map internet
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ET1011193$ES_LAN$
 ip address 93.X.X.X 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 93.X.X.X
!
ip http server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.50 3000 interface FastEthernet0/1 3000
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 10 permit 195.X.X.X
access-list 10 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 10 in
 login
 transport input telnet
!
end

1 Accepted Solution

SOHAN HEGDE
Level 1

Looking at your configuration, it looks like you are planning to use policy-based routing to redirect the traffic, but the route-map is not defined.

interface FastEthernet0/0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map internet   <<<<<<< PBR is called, but not defined.

You can use the config below to achieve your task:

ip access-list extended internet-traffic
 permit udp any any eq 3001
 permit udp any any eq 3002
 permit tcp any any eq 3001
 permit tcp any any eq 3002
!
route-map internet permit 5
 match ip address internet-traffic
 set ip next-hop "IP-ADDRESS OF SECURITY DEVICE" verify-availability
route-map internet permit 10
!
interface FastEthernet0/0
 ip policy route-map internet
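
An added example, not part of the original thread or of any Cisco tooling: a small Python check that reports route-maps referenced by "ip policy route-map" but never defined (the problem pointed out above) and which of the requested TCP/UDP forwards for ports 3000 and 3001 have no static NAT entry. The sample text is constructed from the relevant lines of the question's configuration, and 192.168.1.50 is assumed to be the security system because the existing static NAT line points at it.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map internet
interface FastEthernet0/1
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.50 3000 interface FastEthernet0/1 3000
access-list 1 permit 192.168.1.0 0.0.0.255
"""

# Static port forward: protocol, inside host, inside port, outside side, outside port.
STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface \S+|\S+) (\d+)", re.M)
POLICY_REF = re.compile(r"^[ \t]*ip policy route-map (\S+)", re.M)
ROUTE_MAP_DEF = re.compile(r"^route-map (\S+) (?:permit|deny)", re.M)


def undefined_route_maps(config):
    """Route-maps referenced by 'ip policy route-map' but never defined."""
    defined = set(ROUTE_MAP_DEF.findall(config))
    return sorted(set(POLICY_REF.findall(config)) - defined)


def missing_forwards(config, host, ports, protos=("tcp", "udp")):
    """(proto, port) pairs with no static NAT entry toward `host`."""
    present = {(proto, int(outside))
               for proto, local_ip, _local, outside in STATIC_NAT.findall(config)
               if local_ip == host}
    return [(p, port) for port in ports for p in protos if (p, port) not in present]


def audit(config, host, ports):
    """Run both checks and return the findings as a dict."""
    return {"undefined_route_maps": undefined_route_maps(config),
            "missing_forwards": missing_forwards(config, host, ports)}


if __name__ == "__main__":
    # Host and ports are assumptions taken from the question (see lead-in).
    print(audit(SAMPLE_CONFIG, "192.168.1.50", [3000, 3001]))
```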

4 Replies

Dmitri Popkov
Level 1

First, can you please describe what you are trying to achieve? What resource should be published and on which port?

Hi Dmitri, thanks for your reply.

Basically I would like to forward port 3000 and port 3001 to a security system which I have at the office. It must be done for both TCP and UDP protocols. 

leonnikolaou
Level 1

Thank you Sohan! All works good now! Thanks a lot!
