03-28-2017 04:23 AM - edited 03-05-2019 08:16 AM
Hi guys, hope you are all well!
I need your lights here.
I have a Cisco router at my office and I need to do port forwarding to my security systems for ports 3000 and 3001, both TCP and UDP; however, I'm struggling to do that.
Please find my configuration below and kindly have a look to see what I'm doing wrong. Thanks guys!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$rhffyhcg$8mHzyyIygfffff5g28Jsf.O0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.130
ip dhcp excluded-address 192.168.1.200 192.168.1.250
!
ip dhcp pool OFFICE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server X.X.X.X X.X.X.X
!
!
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map internet
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ET1011193$ES_LAN$
 ip address 93.X.X.X 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 93.X.X.X
!
ip http server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.50 3000 interface FastEthernet0/1 3000
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 10 permit 195.X.X.X
access-list 10 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 10 in
 login
 transport input telnet
!
end
03-28-2017 06:04 AM
First, can you please describe what you are trying to achieve? What resource should be published and on which port?
03-28-2017 08:42 AM
Hi Dmitri, thanks for your reply.
Basically I would like to forward port 3000 and port 3001 to a security system which I have at the office. It must be done for both TCP and UDP protocols.
03-28-2017 09:23 AM
Looking at your configuration, it looks like you are planning to use policy-based routing to redirect the traffic, but the route-map is not defined.
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map internet <<<<<<< PBR is called, but not defined.
You can use the config below to achieve your task:
ip access-list extended internet-traffic
 permit udp any any eq 3001
 permit udp any any eq 3002
 permit tcp any any eq 3001
 permit tcp any any eq 3002
route-map internet permit 5
 match ip address internet-traffic
 set ip next-hop "IP-ADDRESS OF SECURITY DEVICE" verify-availability
route-map internet permit 10
interface FastEthernet0/0
 ip policy route-map internet
03-30-2017 09:36 AM
Thank you Sohan! All works good now! Thanks a lot!
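A check for the two gaps visible in this thread, as an added example (not code from the posters or from Cisco): it scans an IOS configuration for route-maps that are applied but never defined, and for required TCP/UDP forwards that have no static NAT entry. The sample text is constructed from the relevant lines of the question's configuration, and treating 192.168.1.50 as the security system is an assumption taken from the existing static NAT line.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat inside
 ip policy route-map internet
interface FastEthernet0/1
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.50 3000 interface FastEthernet0/1 3000
"""

# protocol, inside host, inside port, outside address or interface, outside port
STATIC_NAT = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface \S+|\S+) (\d+)")

def undefined_route_maps(config):
    """Route-maps applied with 'ip policy route-map' that have no 'route-map' entry."""
    lines = [ln.strip() for ln in config.splitlines()]
    used = {m.group(1) for ln in lines
            if (m := re.match(r"ip policy route-map (\S+)", ln))}
    defined = {m.group(1) for ln in lines if (m := re.match(r"route-map (\S+)", ln))}
    return sorted(used - defined)

def static_forwards(config):
    """Map (protocol, outside port) -> (inside host, inside port) for static entries."""
    fwd = {}
    for line in config.splitlines():
        m = STATIC_NAT.match(line.strip())
        if m:
            proto, host, in_port, out_port = m.groups()
            fwd[(proto, int(out_port))] = (host, int(in_port))
    return fwd

def missing_forwards(config, host, ports, protocols=("tcp", "udp")):
    """Required (protocol, port) pairs that are not forwarded to the given host."""
    fwd = static_forwards(config)
    return [(p, n) for n in ports for p in protocols
            if fwd.get((p, n), (None, None))[0] != host]

if __name__ == "__main__":
    print("undefined route-maps:", undefined_route_maps(SAMPLE_CONFIG))
    print("missing forwards:",
          missing_forwards(SAMPLE_CONFIG, "192.168.1.50", [3000, 3001]))
```

The same `static_forwards` output doubles as an inventory of what the router exposes on its outside interface, which is worth reviewing whenever a forward is added.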