Cannot access forwarded ports from the internet

Hi all,

I have a Cisco 800 Series router that I configured to do some port forwarding. However, I must have done something wrong, because I am unable to access the ports.

Here is the configuration file of the router.

Sorry if I pasted too much info, I'm new to working with Cisco routers.

Building configuration...

Current configuration : 9429 bytes
!
! Last configuration change at 13:39:12 PCTime Thu Jan 5 2006 by xxx
! NVRAM config last updated at 19:45:42 PCTime Mon Jan 2 2006 by xxx
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pbr.mtn.w
!
boot-start-marker
boot system tftp c860-universalk9-mz.153-3.M.bin 255.255.255.255
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 xxx
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 2
!
crypto pki trustpoint TP-self-signed-2673109117
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2673109117
 revocation-check none
 rsakeypair TP-self-signed-2673109117
!
!
crypto pki certificate chain TP-self-signed-2673109117
 certificate self-signed 01
      quit
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.219
ip dhcp excluded-address 192.168.1.241 192.168.1.254
ip dhcp excluded-address 10.10.10.21 10.10.10.254
!
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
ip dhcp pool GuestPool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.80
   dns-server 217.14.128.50 212.99.2.8 212.108.200.77 212.82.225.7
   lease 7
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 196.44.250.214
ip name-server 196.44.250.215
ip name-server 41.223.226.30
ip name-server 212.118.241.1
ip name-server 213.157.176.2
ip name-server 62.128.175.14
!
!
license udi pid CISCO861W-GN-E-K9 sn FCZ161392V5
!
!
username xxx privilege 15 secret 5 xxx
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh version 2
!
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 switchport mode trunk
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.80 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password 7 xxx
 ppp pap sent-username xxx password 7 xxx
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
 top 20
 sort-by bytes
 cache-timeout 20
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.25 8890 interface Dialer0 8890
ip nat inside source static tcp 192.168.1.25 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.45 21 41.186.26.35 21 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C---------------------------------------------------------------------------
                              NOTICE TO USERS
---------------------------------------------------------------------------
THIS IS A PRIVATE COMPUTER SYSTEM.  Unauthorized or improper use of this
system may result in administrative or disciplinary action and civil and
criminal penalties.
Any or all uses of this system and all files on this system are monitored,
and recorded.
This system is the property of xxx .
---------------------------------------------------------------------------
Disconnect IMMEDIATELY if you are not an authorized user!
---------------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
line vty 0 4
 privilege level 15
 login local
 transport preferred telnet
 transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
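
A check a reviewer could run against this configuration, as an added example that is not part of the original post: the Python below lists the static NAT port forwards and returns those for which no zone-pair runs from the NAT-outside zone to the NAT-inside zone, since a zone-based firewall drops traffic between zones that have no zone-pair. `SAMPLE_CONFIG` is an excerpt constructed from the configuration above, and `audit_port_forwards` is a hypothetical helper name.

```python
import re

# Constructed excerpt: NAT, zone-member and zone-pair lines from the config above.
SAMPLE_CONFIG = """\
zone-pair security ccp-zp-self-out source self destination out-zone
zone-pair security ccp-zp-in-out source in-zone destination out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
interface Vlan1
 ip nat inside
 zone-member security in-zone
interface Dialer0
 ip nat outside
 zone-member security out-zone
ip nat inside source static tcp 192.168.1.25 8890 interface Dialer0 8890
ip nat inside source static tcp 192.168.1.25 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.45 21 41.186.26.35 21 extendable
"""

FORWARD_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) (interface \S+|\S+) (\d+)")
PAIR_RE = re.compile(r"zone-pair security \S+ source (\S+) destination (\S+)")


def audit_port_forwards(config):
    """Return the static NAT forwards that no outside-to-inside zone-pair covers."""
    side_zones = {"inside": set(), "outside": set()}
    zone_pairs, forwards = set(), []
    nat_side = zone = None
    for line in [l.strip() for l in config.splitlines()] + ["!"]:
        if line == "!" or line.startswith("interface "):
            # An interface section ended: record the zone its NAT side sits in.
            if nat_side and zone:
                side_zones[nat_side].add(zone)
            nat_side = zone = None
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            nat_side = m.group(1)
        elif m := re.fullmatch(r"zone-member security (\S+)", line):
            zone = m.group(1)
        elif m := PAIR_RE.match(line):
            zone_pairs.add(m.groups())
        elif m := FORWARD_RE.match(line):
            proto, ip, lport, glob, gport = m.groups()
            forwards.append((proto, ip, int(lport), glob, int(gport)))
    # Only the zone-pair's existence is checked; its policy-map must still
    # inspect or pass the forwarded protocol and port.
    covered = any((o, i) in zone_pairs
                  for o in side_zones["outside"] for i in side_zones["inside"])
    return [] if covered else forwards
```

On the excerpt it returns all three forwards, because the only zone-pairs present are self to out-zone, in-zone to out-zone and out-zone to self.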
