01-30-2017 03:49 AM - edited 03-08-2019 09:06 AM
hello dear prof!
i have running now in me little network a Mailserver, please i don't know
how to open the port 25,110 on me Cisco 1841 so that this Email-Server
with the static address in internal Network are reachable from the hole world.
i have configured a on 1841 Zone based firewall without DMZ Zone, but now,
i don't see no way to this. Can give me here any little help,please so that i can
do any static entry for example all traffic from 0.0.0.0 > 10.10.10.25 : 25, 110 allow
i have create picture of me idea.
thanks for your help!
Regards
Mauri
Solved! Go to Solution.
02-02-2017 11:22 PM
First you need some NATs:
ip nat inside source static tcp 192.168.1.xx 25 interfaceFastEthernet0/0 25
ip nat inside source static tcp 192.168.1.xx 110 interfaceFastEthernet0/0 110
Your zone based firewall is incomplete and not in use, so you don't need to do anything to make the NATs work. You can take a look at one config wizard for a Cisco 897 to see how to build a complete working zone based firewall config.
01-30-2017 02:39 PM
You will need to share your configuration for us to be able to suggest any changes.
01-31-2017 06:09 AM
02-02-2017 10:23 PM
Please Gentlemans!
may I kindly wan't ask for a possible answer!
best regards
Mauri
02-02-2017 11:22 PM
First you need some NATs:
ip nat inside source static tcp 192.168.1.xx 25 interfaceFastEthernet0/0 25
ip nat inside source static tcp 192.168.1.xx 110 interfaceFastEthernet0/0 110
Your zone based firewall is incomplete and not in use, so you don't need to do anything to make the NATs work. You can take a look at one config wizard for a Cisco 897 to see how to build a complete working zone based firewall config.
02-03-2017 02:32 AM
Thanks 1000 ! for your Help
so me ZBF are not complet :-(, please are possible to give me material to read a lillte more about this, so are possible that me ZBF are running like a Firewall that are complet, and not only a half time shot......
i found on Cisco Homepage any books.... like 700 site, but are possible that here exist any smaler one for understabd this, i respect this feature, and iam a fan from this! so i will to learn and setup correctly, can you give me here any possible links help Help information in which direction i need to go, top amcomplish this.
Regards and thaks for your Help!
Mauri
02-18-2017 04:55 AM
try to open port 25,110 and 21, but i don't have success.
ip nat inside source static tcp 192.168.1.20 21 interface FastEthernet0/0 21
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 permit tcp any host 192.168.1.20 eq ftp
access-list 110 permit ip any any
also trying:
ip nat inside source static tcp 192.168.1.20 21 PublicIP 21 extendable
but if scaning port 21, are closed, and no Connection available.
Mauri
02-20-2017 06:01 AM
Hello.
Please, i need to open port 21 from "Wan->Lan, site" on me Cisco 1841,
for any help i'am Happy
Regards
Mauri
02-20-2017 10:45 AM
You'll just need to add a single NAT like you did last time.
02-20-2017 01:04 PM
thanks for your answer
Yes, i have done, i add this NAT but without success ! port 21, 25, 110 still are closed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide