cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
790
Views
0
Helpful
1
Replies

887VA W cannot allow port forwarding

jason.boull
Level 1
Level 1

                   Hi,

I have been trying for some time to configure a 887 VA W. I have the internet connection working and serving all outbound requests ok. The problem is when i try to set up port forwarding. I would like to configure forwarding for SMTP, SSL, and VPN port 1723. I have followed the documentation to the letter, used the Cisco Config Pro and atried lots from the web. When i configure the same way as the config pro package, it stops routing all outbound traffic. It may be as i have made some configs via cli and only used the pro as a last resort to make sure i was doing it right.

Anyway the first config is when working (i just remove the interface binding), The second is with interface binding.

Building configuration...

Current configuration : 4411 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-125431697
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-125431697
revocation-check none
rsakeypair TP-self-signed-125431697
!
!
crypto pki certificate chain TP-self-signed-125431697
certificate self-signed 01
        quit
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1643C0E5
!
!
username JasonBoull privilege 15 secret 4 342Q3M6UGSTTkwG7GxHA2L2ZBQ6EZgULDkIE3l
fgP1E
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
!
interface Vlan1
ip address 192.168.69.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address *.*.155.10 255.255.255.248
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *************

ppp chap password 0 **********
ppp pap sent-username ************* password 0 ***********
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT-ACL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended NAT-ACL
permit ip 192.168.69.0 0.0.0.255 any
permit tcp any host 192.168.69.3 eq smtp
!
access-list 102 remark Allow Server Applications
access-list 102 remark CCP_ACL Category=1
access-list 102 remark SMTP
access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp
access-list 102 remark Secure Web
access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443
access-list 102 remark WWW
access-list 102 permit tcp any eq www host 192.168.69.3 eq www
access-list 102 remark VPN
access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723
dialer-list 1 protocol ip permit
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
!
end

Now with the addition,

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-125431697

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-125431697

revocation-check none

rsakeypair TP-self-signed-125431697

!

!

crypto pki certificate chain TP-self-signed-125431697

certificate self-signed 01 nvram:IOS-Self-Sig#6.cer

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

!

!

!

!

ip cef

!

!

license udi pid C887VA-W-E-K9 sn FCZ1643C0E5

!

!

username JasonBoull privilege 15 secret 4 342Q3M6UGSTTkwG7GxHA2L2ZBQ6EZgULDkIE3l

fgP1E

!

!

!

!

!

controller VDSL 0

!

!

!

!

!

!

!

!

!

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly in

no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Ethernet0

no ip address

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface wlan-ap0

description Embedded Service module interface to manage the embedded AP

no ip address

!

interface Vlan1

ip address 192.168.69.2 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Dialer0

ip address 91.84.155.10 255.255.255.248

ip access-group 102 in

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname

na1296170@adsl.eclipse.co.uk

ppp chap password 0 evessufu

ppp pap sent-username

na1296170@adsl.eclipse.co.uk

password 0 evessufu

no cdp enable

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list NAT-ACL interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended NAT-ACL

permit ip 192.168.69.0 0.0.0.255 any

permit tcp any host 192.168.69.3 eq smtp

!

access-list 102 remark Allow Server Applications

access-list 102 remark CCP_ACL Category=1

access-list 102 remark SMTP

access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp

access-list 102 remark Secure Web

access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443

access-list 102 remark WWW

access-list 102 permit tcp any eq www host 192.168.69.3 eq www

access-list 102 remark VPN

access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723

dialer-list 1 protocol ip permit

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

stopbits 1

line vty 0 4

privilege level 15

login local

transport input telnet ssh

transport output telnet ssh

!

scheduler allocate 20000 1000

!

end

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-125431697

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-125431697

revocation-check none

rsakeypair TP-self-signed-125431697

!

!

crypto pki certificate chain TP-self-signed-125431697

certificate self-signed 01 nvram:IOS-Self-Sig#6.cer

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

!

!

!

!

ip cef

!

!

license udi pid C887VA-W-E-K9 sn FCZ1643C0E5

!

!

username JasonBoull privilege 15 secret 4 342Q3M6UGSTTkwG7GxHA2L2ZBQ6EZgULDkIE3l

fgP1E

!

!

!

!

!

controller VDSL 0

!

!

!

!

!

!

!

!

!

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly in

no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Ethernet0

no ip address

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface wlan-ap0

description Embedded Service module interface to manage the embedded AP

no ip address

!

interface Vlan1

ip address 192.168.69.2 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Dialer0

ip address *.*.155.10 255.255.255.248

ip access-group 102 in

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap host*******
ppp chap password 0 ********

ppp pap sent-user********* password 0 *********

no cdp enable

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list NAT-ACL interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended NAT-ACL

permit ip 192.168.69.0 0.0.0.255 any

permit tcp any host 192.168.69.3 eq smtp

!

access-list 102 remark Allow Server Applications

access-list 102 remark CCP_ACL Category=1

access-list 102 remark SMTP

access-list 102 permit tcp any eq smtp host 192.168.69.3 eq smtp

access-list 102 remark Secure Web

access-list 102 permit tcp any eq 443 host 192.168.69.3 eq 443

access-list 102 remark WWW

access-list 102 permit tcp any eq www host 192.168.69.3 eq www

access-list 102 remark VPN

access-list 102 permit tcp any eq 1723 host 192.168.69.3 eq 1723

dialer-list 1 protocol ip permit

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

stopbits 1

line vty 0 4

privilege level 15

login local

transport input telnet ssh

transport output telnet ssh

!

scheduler allocate 20000 1000

!

end

I will continue to secure the router and change defaults once it is sorted.

Thanks in advance for any help.

1 Reply 1

jason.boull
Level 1
Level 1

Sorry forgot to add, as well as stopping outbound traffic, I have not been successful in any inbound via VPN Telnet or web.

Review Cisco Networking for a $25 gift card