Cisco Firewall :: Port Forwarding A Range Of Ports (PIX 6.3)
Dec 5, 2012
I have a network with multiple servers behind a PIX with 6.3 on it. I have one public IP address, and I'm using NAT. I'm currently trying to port my Exchange server to a cloud host, and the vendor is requiring I open up a wide range of ports for MAPI, basically ports 1024 on. What would be the command to forward all of the traffic coming to/from that broad range? If I could simply route all traffic to and from their two IP addresses to my email server, that would accomplish the same end goal.
I need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.
I have an ASA 5505 on a job. It is a smaller business that would have done better with an RV082, but they have what they have. It is running firmware 8.4. The client needed ports forwarded for their FTP server. The port range in this config is tcp 43333-43339. The FTP server ip is 192.168.1.2. [Code] ......
I’m having serious issues getting Tandberg H.323 working behind this router with NAT.
My setup is Cisco 1811 configured with Fas0 to pull DHCP (public address). This router is being used in a mobile medical clinic VAN so the setup needs to be seamless and transparent to the users. The idea with the DHCP is anywhere they go they could pull a DHCP address and then NAT behind that address. The van visits mostly small schools in the Texas Rio Grande Valley providing medical assistance and consulting to the local community. The router has an 8 port built in switch and all ports are sitting in default VLAN 1.
Basic stripped down config, only relevant commands listed…
ip dhcp excluded-address 10.0.0.1 10.0.0.4
ip dhcp pool VANnet
 network 10.0.0.0 255.255.255.240
 default-router 10.0.0.1
 dns-server 10.0.0.1
(code)
Now initially I can’t even get the call to connect with just using the ports above, which I should. Also knowing there are several issues with H.323 and NAT I went ahead and added all known ports Tandberg says they use…
Basically I created static NAT entries for all the ports and the ranges above. For the ranges I had to add a line for every port.
This didn’t and hasn’t worked yet even with some additional tweaking… Finally the question… am I going about this all wrong? Is there an arrangement of commands that will even work? How can I accomplish the port forwarding setup on a Linksys/Netgear router on a real Cisco router?
I have a Cisco 881 router in my office and I would like to do port forward for port 5060, and 10000 - 20000 to my PABX (192.168.1.61). After I did some research from internet, understand that we need to NAT by using following command to do port forward for port 5060.
ip nat inside source static udp 192.168.1.61 5060 XXX.XXX.XXX.XXX(WAN IP) 5060 extendable
However, now I'm facing an issue to perform port forward for a huge range of ports like 10000 to 20000.
Service: TEST Port type: UDP Starting port: 5060 Ending port: 5070
and I want to forward it to a specific IP. Then, if I create a new port forwarding rule for this service it asks me to specify a single port number to be used internally as:
Action: Always Allow Service: TEST Source IP: Any Destination IP: 10.0.0.100 Internal Port: ?
I want to forward all ports from 5060 to 5070 to the internal range 5060 to 5070.
I am not a tech guy but have to take care of some basic IT stuff. I had Ether fast cable/DSL router and it got changed with RV 120W router. There were comments that the internet is now working slowly - what could be the reason for this?
I copied most of the settings. First big technical problem was with the phone. It stopped working - call could get through but when answered there was no sound. We use a Linksys modem for VoIP. I called the operator and was told to disable SIP ALG. I did that and service improved a little. When answering a call sound could get through but would stop for a few moments and then continue. Operator told me to forward port 16384 to 16482 to VoIP modem IP. But I can only set forwarding for one port at a time in "Port forwarding" settings. Is there a way to forward a port range?
I have a Cisco 881 router in my office and I would like to do port forward for port 5060, and 10000 - 20000 to my PABX (192.168.1.61). After I did some research from internet, understand that we need to NAT by using following command to do port forward for port 5060.
ip nat inside source static udp 192.168.1.61 5060 XXX.XXX.XXX.XXX(WAN IP) 5060 extendable
However, now I'm facing an issue to perform port forward for a huge range of ports like 10000 to 20000. It is impossible to ask me add one by one?
I currently have an E1200. I can port forward single ports, but when I attempt to forward a range of ports it doesn't work and there is no error in the log.
Specifically I am port forwarding RTP ports (10000 - 20000). I am aware of the security risks, please do not preach.
I have configured port range forwarding (8440 - 8449) for a single PC (192.168.1.134) and am unable to access these ports from outside my LAN. Conversely, if I set up single port forwarding for each of the ports in the range for the same computer then I am able to access from outside my LAN. Does port range forwarding actually work?
I have a WRT160n that I am trying to forward some ports on for some DVR equipment. When I use the single port forwarding and enter each port separately it works fine. But I have 2 DVRs and they use a bunch of ports each so I want to use the port range forwarding because there are not enough spots in the single port forwarding section. The ports I am trying to forward are 8000-8004 for one IP address and 8005-8009 for a second IP address. I have entered it into the port range forwarding section but I cannot connect from outside my network. As I said, if I enter them in the single port section separately as 8000,8001,8002,8003,8004 then I can connect fine outside my network.
At the E4200 there is a limit of (free to make) 15 Single port forwarding and 15 port range forwarding to fill in. I get as suggestion that I must give up a total range of ports where all the ports I use were in. But for security reasons I will not do that.
I'm trying to make the server work for minecraft and I have the port number for the port which is 25565. I just need to know where exactly to enter this information. I also know that the protocol is supposed to be set for both tcp/udp.
So basically I guess my question is, where exactly do I put the port number if the one given to me was 25565?
I also have a few servers with services I need to expose to outside the network (RDP and some websites) where the external port is not the same as the LAN port. I could accomplish this with my previous router using port forwarding and it looks like I can do the same here on the RV220W but I can't quite get it to work successfully.
I'm struggling to set up an SSH router and it always looks like the port is closed...
Here's my set-up
www>D-Link router (ADSL connection)>Linksys router (+Tomato)>Target PC
I have set up the Linksys router to be an SSH server running Tomato as described in many other forums. The "Tomato router" sits behind my ISP-provided D-link-2680 router.
The internal IP of the Tomato router is 192.168.1.200 and if I try: Code:
I've created some port forwards from my public IP (Dialer0) to our private LAN but only the 25565 port forward works. I've even added an any statement to the NAT source list Homenet_NAT. Full config attached. My Cisco router is an 877W. [Code]
I have a cable modem hooked up to a Linksys WRT54G2 wireless router, which is hardwired to the computer I use.
I go into the router's menu by going through the standard 192.168.1.1 in the browser, and then go to Applications and Gaming. The port I am trying to open is port 25565 for both TCP and UDP. In the Start and End ports I put 25565, and for the end of the IP Address, I put the last digits of my IPv4 address (10). I used a couple of port checker tools, and it is reporting as still being closed.
I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address Translation for my internal clients.
Now I wanna set up an FTP server on an internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/NAT device.
I need 50 ports for the passive mode to be running.
I will use port range 50000-50050. I can easily make a firewall rule (access-list) that permits that port range.
But how do I PAT (NAT) a port range on the ASA device? I can only figure out how to NAT one port at a time.
I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1). The outside interface is configured with a single static address. I have a few services port forwarded successfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside. It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP. I entered a range of ports for the real port and the mapped port using the syntax 60000-60999. ASDM accepted it, but the NAT rule list displays "Any" in the service column. When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999 ^ ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network? I'd like to use ASDM, but I can switch to the CLI if that works better.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I cannot, however, SSH to my Cat 2960. From what I can tell, on the Cat2960 I can't change the default port 22 for SSH to a different port, just like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA; it does not look like this is an option.
The bottom line is that I want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA; if I could, I would, and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
How do I make it listen on a different port?
Here is the relevant config for SSH for Cisco 1841 (port forwarding)
I am trying to open up port 32400 on my 881w Cisco router but I have not had any success. I need to configure manual port-forward to enable my Plex Media server.
I'm having a problem with port forwarding/redirection for the PIX 501. I'm trying to open the ports 49003 and 40085 in order to view our DVR remotely and I'm not exactly sure how to do it.
I have an issue with port forwarding in my TeleEye CCTV behind ASA 8.4. I can browse the DVR outside via HTTP, however when I attempt to log in, "server busy" will prompt afterwards. Note: There's no issue when accessing the DVR locally.
Here's my config. OUTSIDE INTERFACE: interface Ethernet0/3 speed 100 duplex full [Code]...
I just bought a Cisco ASA5505. I'm trying to open a port range through CLI, but it doesn't seem to be working.
Background: I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections. I have been using FTP through the command prompt and it's working. However, I cannot use it through the FileZilla client as it fails to query the directories. I have the ASA forwarding to port 1125 from 21 in passive mode.
Access-List:
access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d
access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)
: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
hostname ciscoasa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
 switchport access vlan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...
I have an ASA with an outside IP address of 140.32.121.5. Behind this firewall I have a Cisco MWR 2941 that I would like to connect to via telnet. Its inside IP address is 10.10.10.2. My reasoning for this is because I cannot SSH or telnet from an ASA, so I need to have the ASA push my telnet request to the router on its inside interface. I have tried some NAT examples but I am very green with NAT. I have also built access lists that look like the following: "access-list 101 permit tcp any 10.10.50.2 eq 23", and then tied the access-group 101 with the outside interface. This also with no success.
I've tried setting up some simple port forwarding on my ASA, where I want to forward one port on the external interface for both UDP and TCP to the same port on an internal server.
It works fine for UDP, but all TCP packets are dropped on the outside interface, even though the configuration for UDP and TCP is basically the same! This is my config:
object network MY_SERVER
 host 10.10.1.4
object service TCP_MY_SERVICE
[Code].....
Port count goes up on line 2 (UDP) but never for line 1. I just see the packet denied instead. Same thing happens in the packet tracer, a packet destined for my external interface on that port for UDP is allowed and NAT'd just fine. TCP it gets dropped by the ACL on the outside interface.
I have a Cisco ASA 5510 appliance running ASDM 6.3. We have a number of public IP addresses associated with our company. In order to utilise the IP addresses effectively I want to use one public IP address for two servers running on different ports, e.g.
Public IP address 78.109.174.100
for both
Server 1 HTTPS and HTTP Server 2 FTP
Both servers live in the same subnet (DMZ). I believe this may be port forwarding but could be completely wrong. I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.