I have been struggling to understand why this is happening for some time now and have had no luck. I have used a 'route-map' to open ranges of ports for our IP phone system on the network, and have used static NAT commands for all other ports that require opening.
After doing several tests using online tools, I have gathered that the only ports which are open are 50 and 1720 (I am assuming that there is another reason why the online tools cannot see all the phone system ports to be open other than them not actually being open).
I have tried both using the external IP address and the external interface for the static NAT translations, however this hasn't seemed to make any difference.
Here is the NAT information from the running config; please let me know if there is any other information which would be useful.
22.214.171.124 has been used in this config as the hypothetical static WAN IP address
10.9.8.1 is the gateway for the management VLAN (the IP address I use to SSH in to the router)
10.9.8.2 is the VLAN1 interface for the only switch in the LAN
172.16.128.194 is the management address for the wireless access point in the LAN
172.16.128.192 is the address of the server
192.168.255.129 is the IP address of the IP phone system
All interfaces on the router are configured with 'ip access-group 1 in' and 'ip access-group 1 out'
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.9.8.1 51 126.96.36.199 51 extendable
ip nat inside source static tcp 10.9.8.2 52 188.8.131.52 52 extendable
ip nat inside source static tcp 172.16.128.194 54 184.108.40.206 54 extendable
ip nat inside source static tcp 172.16.128.192 80 220.127.116.11 80 extendable
ip nat inside source static tcp 172.16.128.192 443 18.104.22.168 443 extendable
ip nat inside source static 192.168.255.129 22.214.171.124 route-map IPECS_Port_Forwarding_NAT
!
ip access-list extended IPECS_Port_Forwarding
 permit tcp host 192.168.255.129 any range 1717 1720
 permit tcp host 192.168.255.129 any eq 50
 permit udp host 192.168.255.129 any range 6000 6047
 permit tcp host 192.168.255.129 any range 6000 6588
 permit udp host 192.168.255.129 any range 8000 8047
 permit udp host 192.168.255.129 any range 9000 9047
 permit udp host 192.168.255.129 any range 5060 5060
 permit udp host 192.168.255.129 any range 5588 5588
 permit udp host 192.168.255.129 any range 7000 7015
 permit udp host 192.168.255.129 any range 7100 7115
 permit udp host 192.168.255.129 any range 7300 7315
!
access-list 1 permit any
route-map IPECS_Port_Forwarding_NAT permit 10
 match ip address IPECS_Port_Forwarding
Thanks in advance for any help that can be given on this issue,