01-06-2014 02:15 PM - edited 03-07-2019 05:24 PM
Hi,
I have been trying for some time to configure an 887 VA W. I have the internet connection working and serving all outbound requests OK. The problem is when I try to set up port forwarding. I would like to configure forwarding for SMTP, SSL, and VPN port 1723. I have followed the documentation to the letter, used the Cisco Config Pro and tried lots from the web. When I configure the same way as the Config Pro package, it stops routing all outbound traffic. It may be as I have made some configs via CLI and only used the Pro as a last resort to make sure I was doing it right.
Anyway, the first config is when working (I just remove the interface binding). The second is with interface binding.
Building configuration...
Current configuration : 4411 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-125431697
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-125431697
revocation-check none
rsakeypair TP-self-signed-125431697
!
!
crypto pki certificate chain TP-self-signed-125431697
certificate self-signed 01
quit
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1643C0E5
!
!
username JasonBoull privilege 15 secret 4 342Q3M6UGSTTkwG7GxHA2L2ZBQ6EZgULDkIE3lfgP1E
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
!
interface Vlan1
ip address 192.168.69.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address *.*.155.10 255.255.255.248
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *************
ppp chap password 0 **********
ppp pap sent-username ************* password 0 ***********
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT-ACL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended NAT-ACL
permit ip 192.168.69.0 0.0.0.255 any
permit tcp any host 192.168.69.3 eq smtp
!
access-list 102 remark Allow Server Applications
access-list 102 remark CCP_ACL Category=1
access-list 102 remark SMTP
access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp
access-list 102 remark Secure Web
access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443
access-list 102 remark WWW
access-list 102 permit tcp any eq www host 192.168.69.3 eq www
access-list 102 remark VPN
access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723
dialer-list 1 protocol ip permit
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
!
end
Now with the addition,
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-125431697
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-125431697
revocation-check none
rsakeypair TP-self-signed-125431697
!
!
crypto pki certificate chain TP-self-signed-125431697
certificate self-signed 01 nvram:IOS-Self-Sig#6.cer
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1643C0E5
!
!
username JasonBoull privilege 15 secret 4 342Q3M6UGSTTkwG7GxHA2L2ZBQ6EZgULDkIE3lfgP1E
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
!
interface Vlan1
ip address 192.168.69.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address *.*.155.10 255.255.255.248
ip access-group 102 in
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap host*******
ppp chap password 0 ********
ppp pap sent-user********* password 0 *********
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT-ACL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended NAT-ACL
permit ip 192.168.69.0 0.0.0.255 any
permit tcp any host 192.168.69.3 eq smtp
!
access-list 102 remark Allow Server Applications
access-list 102 remark CCP_ACL Category=1
access-list 102 remark SMTP
access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp
access-list 102 remark Secure Web
access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443
access-list 102 remark WWW
access-list 102 permit tcp any eq www host 192.168.69.3 eq www
access-list 102 remark VPN
access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723
dialer-list 1 protocol ip permit
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
!
end
I will continue to secure the router and change defaults once it is sorted.
Thanks in advance for any help.
01-06-2014 02:17 PM
Sorry, forgot to add: as well as stopping outbound traffic, I have not been successful in any inbound via VPN, Telnet or web.
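Added example, not part of the original posts: a small Python model of first-match evaluation with the implicit deny, run over the ACL 102 lines from the config above, to show which packets arriving on Dialer0 the list would pass. It assumes IOS checks an inbound ACL before NAT translates the destination; the WAN and peer addresses are documentation placeholders, and the packets are constructed samples.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
PORTS = {"smtp": 25, "www": 80}           # IOS port keywords used in the post
ACL_102 = [                               # lines copied from the posted config
    "access-list 102 remark SMTP",
    "access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp",
    "access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443",
    "access-list 102 permit tcp any eq www host 192.168.69.3 eq www",
    "access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723",
]

def _endpoint(tok):
    """Consume 'any' or 'host A', then an optional 'eq PORT'."""
    addr, tok = (None, tok[1:]) if tok[0] == "any" else (tok[1], tok[2:])
    port = None
    if tok[:1] == ["eq"]:
        port, tok = PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return addr, port, tok

def parse_ace(line):
    """Parse only the ACE forms that appear in the post; remarks yield None."""
    tok = line.split()[2:]                # drop 'access-list 102'
    if tok[0] == "remark":
        return None
    action, proto = tok[0], tok[1]
    saddr, sport, rest = _endpoint(tok[2:])
    daddr, dport, _ = _endpoint(rest)
    return action, proto, saddr, sport, daddr, dport

def evaluate(acl, pkt):
    """First matching ACE wins; anything unmatched hits the implicit deny."""
    for ace in filter(None, map(parse_ace, acl)):
        action, proto, saddr, sport, daddr, dport = ace
        if (proto == pkt.proto and saddr in (None, pkt.src) and sport in (None, pkt.sport)
                and daddr in (None, pkt.dst) and dport in (None, pkt.dport)):
            return action
    return "deny"

# Constructed packets as seen inbound on Dialer0, before NAT rewrites the destination.
WAN, PEER = "203.0.113.10", "198.51.100.7"    # placeholder addresses (assumption)
SAMPLES = {
    "reply to an inside client's HTTPS request": Packet("tcp", PEER, 443, WAN, 51000),
    "new inbound SMTP connection": Packet("tcp", PEER, 40000, WAN, 25),
    "what the SMTP ACE actually matches": Packet("tcp", PEER, 25, "192.168.69.3", 25),
}

def verdicts():
    return {name: evaluate(ACL_102, p) for name, p in SAMPLES.items()}
```

Both realistic packets are denied: each entry requires the source port to equal the service port and the destination to be the private host, so replies to inside clients fall through to the implicit deny once the list is bound to Dialer0.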