Hi, I have configured my 1921 with NAT overload for my network. NAT/PAT is working fine and everyone can access the internet, and my static address translations for remote desktop are working as well. However, when I go to apply access list 101 to my inbound outside interface, all internet connectivity is lost. For some reason my RDP connections are being allowed when the access list isn't applied to the interface. Also, port 23 (telnet) is showing as open to the outside (canyouseeme.org) without an access list. I want only the ports in the access list (RDP, etc.) to be accessible from the outside, and I want SSH access to the router from the outside as well. Any help would be appreciated...thanks!

This config is without the access list outside_access_in applied to the outside interface.

Building configuration...

Current configuration : 2274 bytes
!
! Last configuration change at 01:01:13 UTC Sat Jul 7 2012 by ADMIN
! NVRAM config last updated at 00:59:39 UTC Sat Jul 7 2012 by ADMIN
! NVRAM config last updated at 00:59:39 UTC Sat Jul 7 2012 by ADMIN
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *****1921
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn *******
!
!
username ******* privilege 15 secret *****
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address X.X.X.X 255.255.255.224
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.254.51.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
!
router eigrp 1
 network 10.0.0.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.100.51.10 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 10.100.51.251 1723 interface GigabitEthernet0/0 1723
ip route 0.0.0.0 0.0.0.0 gi0/0
!
access-list 100 remark Allow PAT
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 remark Outside_Access_in
access-list 101 permit icmp any any echo
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
!
scheduler allocate 20000 1000
end
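The loss of connectivity described in the post is the expected result of a stateless filter: an extended ACL applied inbound on the NAT outside interface sees the return half of every outbound session (a web server answering to the router's public address on a high port, a DNS resolver answering on UDP), none of which matches the four permit entries, so it falls to the implicit deny. The open port 23 is a separate matter: the vty lines are configured with transport input all and no access-class, so the router itself answers telnet regardless of any interface ACL. The script below is an added example, not code from the post; it models first-match ACL evaluation with the posted entries of access-list 101, then shows why the established keyword only half-solves the problem (it passes TCP segments with ACK or RST set but nothing for UDP) and how a reflexive-ACL style session table (reflect on the outbound list, evaluate on the inbound list, or CBAC/Zone-Based Firewall inspection) lets replies back in while leaving unsolicited inbound traffic to the static entries. All addresses and packets are constructed for illustration.

```python
"""Why an inbound ACL on the NAT outside interface breaks outbound sessions.

Added example, not code from the original post. It models how IOS evaluates
an extended ACL applied 'in' on the outside interface (first match wins, then
an implicit 'deny ip any any') using the permit entries of the poster's
access-list 101. Addresses and packets below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "icmp" or "gre"
    src: str
    sport: int          # 0 for protocols without ports
    dst: str
    dport: int
    ack: bool = False   # TCP ACK or RST set: what the IOS 'established' keyword tests


@dataclass(frozen=True)
class ACE:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    dport: Optional[int] = None   # 'eq <port>' on the destination
    established: bool = False     # only meaningful for tcp

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


# access-list 101 as posted (the 'echo' qualifier on the ICMP entry is not modelled)
ACL_101: List[ACE] = [
    ACE("permit", "icmp"),
    ACE("permit", "tcp", dport=3389),
    ACE("permit", "tcp", dport=1723),
    ACE("permit", "gre"),
]

# The common quick fix: additionally permit any TCP segment that is not a new connection.
ACL_101_ESTABLISHED: List[ACE] = ACL_101 + [ACE("permit", "tcp", established=True)]


def evaluate(acl: List[ACE], p: Packet) -> str:
    """Stateless evaluation: first matching entry decides, otherwise implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


class ReflexiveFilter:
    """Models a reflexive ACL: each session leaving the outside interface creates a
    temporary entry for its mirror image, consulted before the static entries."""

    def __init__(self, acl: List[ACE]) -> None:
        self.acl = acl
        self.sessions: Set[Tuple[str, str, int, str, int]] = set()

    def outbound(self, p: Packet) -> None:
        # Record the reversed 5-tuple so the reply is recognised on the way back in.
        self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))

    def inbound(self, p: Packet) -> str:
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions:
            return "permit"
        return evaluate(self.acl, p)


# Constructed addresses: the router's public address after PAT, an Internet web
# server, a DNS resolver and a remote-desktop client.
PUBLIC = "198.51.100.10"
WEB = "203.0.113.20"
DNS = "203.0.113.53"
CLIENT = "203.0.113.77"


def demo() -> Tuple[Dict[str, str], Dict[str, str], Dict[str, str]]:
    """Return the verdict for three inbound packets under each filtering model."""
    out_http = Packet("tcp", PUBLIC, 51000, WEB, 80)
    out_dns = Packet("udp", PUBLIC, 52000, DNS, 53)
    inbound = {
        "http_reply": Packet("tcp", WEB, 80, PUBLIC, 51000, ack=True),
        "dns_reply": Packet("udp", DNS, 53, PUBLIC, 52000),
        "rdp_syn": Packet("tcp", CLIENT, 3335, PUBLIC, 3389),  # the published service
    }
    stateless = {name: evaluate(ACL_101, p) for name, p in inbound.items()}
    established = {name: evaluate(ACL_101_ESTABLISHED, p) for name, p in inbound.items()}
    reflexive = ReflexiveFilter(ACL_101)
    reflexive.outbound(out_http)
    reflexive.outbound(out_dns)
    stateful = {name: reflexive.inbound(p) for name, p in inbound.items()}
    return stateless, established, stateful


if __name__ == "__main__":
    for label, verdicts in zip(("stateless", "established", "reflexive"), demo()):
        print(label, verdicts)
```

Under the stateless list only the RDP SYN is permitted and both replies are dropped; with the established entry the HTTP reply passes but the DNS reply is still dropped; with the session table all three pass while an unsolicited inbound packet to any other port still hits the implicit deny.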
Ok. I tried the commands for the RDP, and now I'm getting this when I try to remote in from the outside.

2 Apr 03 2012 21:19:40 106001 xxxx xxxx Inbound TCP connection denied from x.x.x.x/3335 to x.x.x.x/3389 flags SYN on interface Outside

I'm still working with the VPN.
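The line quoted in that post is Cisco ASA/PIX syslog message 106001, which the firewall emits when a new TCP connection arriving on the named interface is denied by that interface's access policy; the fields are source address/port, destination address/port, the TCP flags seen and the interface. As an added example (not code from the post), the parser below extracts those fields from both layouts in which the message commonly appears, the ASDM-style export quoted in the post and the raw %ASA syslog form, and counts denies per destination port so that a SYN denied toward a service that is meant to be published stands out as an access-list problem rather than a translation problem. The sample lines, addresses and the published port set are constructed assumptions.

```python
"""Summarise ASA syslog 106001 ('Inbound TCP connection denied') events.

Added example, not from the original post. The log lines below are constructed
and use documentation addresses; they mimic the ASDM-style layout quoted in the
post and the raw %ASA syslog layout.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Set

# Matches the message body shared by both layouts: after the message ID 106001
# there is either ': ' (raw syslog) or the ASDM source/destination columns.
DENIED_RE = re.compile(
    r"106001\D.*?Inbound TCP connection denied from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<iface>\S+)"
)

# Constructed sample log: two denied RDP attempts, one telnet probe, one denied
# PPTP attempt and one unrelated 'connection built' message.
SAMPLE_LOG: List[str] = [
    "2 Apr 03 2012 21:19:40 106001 203.0.113.77 198.51.100.10 Inbound TCP connection "
    "denied from 203.0.113.77/3335 to 198.51.100.10/3389 flags SYN on interface Outside",
    "%ASA-2-106001: Inbound TCP connection denied from 203.0.113.77/3336 "
    "to 198.51.100.10/3389 flags SYN on interface Outside",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.45/40001 "
    "to 198.51.100.10/23 flags SYN on interface Outside",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.45/40002 "
    "to 198.51.100.10/1723 flags SYN on interface Outside",
    "%ASA-6-302013: Built outbound TCP connection 4711 for Outside:203.0.113.20/80 "
    "(203.0.113.20/80) to inside:10.100.51.10/51000 (198.51.100.10/51000)",
]


def parse_denied(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of a 106001 event, or None for any other line."""
    m = DENIED_RE.search(line)
    if m is None:
        return None
    return {
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "flags": m.group("flags").split(),   # e.g. ["SYN"] or ["SYN", "ACK"]
        "iface": m.group("iface"),
    }


def summarise(lines: Iterable[str], published: Set[int]) -> Dict[str, object]:
    """Count denies per (interface, destination port) and single out SYNs that were
    denied toward ports the administrator intends to publish: those indicate that
    the interface access list lacks a permit, since a static translation by itself
    does not open the port."""
    by_port: Counter = Counter()
    published_denied: Counter = Counter()
    sources = set()
    for line in lines:
        ev = parse_denied(line)
        if ev is None:
            continue
        by_port[(ev["iface"], ev["dport"])] += 1
        if ev["dport"] in published and "SYN" in ev["flags"]:
            published_denied[ev["dport"]] += 1
            sources.add((ev["src"], ev["dport"]))
    return {
        "by_port": dict(by_port),
        "published_denied": dict(published_denied),
        "published_sources": sorted(sources),
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG, published={3389, 1723})
    for key, value in report.items():
        print(key, value)
```

Denies toward ports that are not in the published set (the telnet probe here) are the access list doing its job; denies toward published ports are the condition to alert on, because they mean legitimate users of the service are being turned away.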