
Soho 91 opening up Port 1000

david.santel
Level 1

I am trying to open up port 1000 on Ethernet1. I have tried every ACL imaginable and it's not working.

Can someone suggest how to open up port 1000 on the Ethernet1 external interface (attached to cable modem)?

Santel#sh run
Building configuration...

Current configuration : 2581 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Santel
!
no logging buffered
!
username CRWS_Vijay privilege 15 password 7 041F5A4238704A6F4D165418212E1C057D7C727E6766704153
username dsantel privilege 15 password 7 013715104E190400751C
no aaa new-model
ip subnet-zero
ip name-server 192.168.1.254
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw h323 timeout 3600
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
!
!
!
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip access-group 122 out
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 duplex auto
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip http server
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny   ip any any
access-list 122 deny   tcp any any eq telnet
access-list 122 permit ip any any
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

1 Reply

cadet alain
VIP Alumni

Hi,

You want people from outside to access an internal client on port 1000?

If so, just do static PAT:

-ip nat inside source static

Then make sure you don't deny this traffic inbound on your outside interface.

Regards.

Alain

Don't forget to rate helpful posts.
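
Why the reply's second step matters for the configuration posted in the question, as an added example (not code from either poster): a first-match evaluation of ACL 111 for an inbound packet to port 1000. It assumes the service uses TCP, abridges the ICMP and NetBIOS entries, and `parse`, `first_match` and `verdicts` are hypothetical helper names.

```python
NAMED = {"telnet": 23, "bootps": 67, "bootpc": 68, "domain": 53,
         "isakmp": 500, "netbios-ns": 137, "netbios-dgm": 138}
# ACL 111 from the question, in posted order (abridged; constructed subset).
ACL_111 = [
    "permit tcp any any eq telnet",
    "permit icmp any any echo",
    "permit icmp any any echo-reply",
    "permit udp any eq bootps any eq bootpc",
    "permit udp any eq domain any",
    "permit esp any any",
    "permit udp any any eq isakmp",
    "permit udp any any eq 10000",
    "permit tcp any any eq 1723",
    "permit tcp any any eq 139",
    "permit gre any any",
    "deny ip any any",
]
NEW = "permit tcp any any eq 1000"   # assumption: the service uses TCP

def parse(entry):
    """Return (action, protocol, source port, destination port); None = any port."""
    action, proto, *rest = entry.split()
    ports = []
    while len(ports) < 2:
        rest.pop(0)                       # address field; every entry here uses "any"
        if rest[:1] == ["eq"]:
            ports.append(NAMED.get(rest[1]) or int(rest[1]))
            rest = rest[2:]
        else:
            ports.append(None)            # trailing ICMP type names are not modelled
    return action, proto, ports[0], ports[1]

def first_match(acl, proto, sport, dport):
    """IOS evaluates entries top-down and stops at the first one that matches."""
    for number, entry in enumerate(acl, 1):
        action, p, sp, dp = parse(entry)
        if p in ("ip", proto) and sp in (None, sport) and dp in (None, dport):
            return number, action, entry
    return None, "deny", "implicit deny"

def verdicts(packet=("tcp", 40000, 1000)):   # constructed inbound packet
    posted = first_match(ACL_111, *packet)
    appended = first_match(ACL_111 + [NEW], *packet)
    inserted = first_match(ACL_111[:-1] + [NEW, ACL_111[-1]], *packet)
    return posted[1], appended[1], inserted[1]

if __name__ == "__main__":
    print(verdicts())
```

A permit appended to a numbered ACL lands after `deny ip any any` and is never reached, so the entry has to sit above that line. The static PAT entry is still required to forward the accepted packet to the inside host, and `any` as the source exposes the port to every address, so narrow it where the clients are known.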