Cisco Infrastructure :: 1941 Opening Port Range For IP
Jul 1, 2011
I have a LAN with Cisco 1941 as the only router with NAT that connects it to the internet, with a single public IP. There are many gamer users, and they complain that Call of Duty Modern Warfare 2 sees our network as "strict NAT", while for full gaming experience it needs "open NAT". After a small research I have found out that CoD needs certain port ranges to be forwarded to LAN IPs. Well, I know how to forward a range of ports to a single IP, but how is it possible to forward a port range for all the IPs in the LAN?
I just bought a Cisco ASA5505. I'm trying to opening a port range through CLI, but it doesn't seem to be working.
Background:I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections. I have been using FTP through the command prompt and its working. However, I cannot use it through the FileZilla client as it fails to query the directories. I have the ASA forwarding to port 1125 from 21 in passive mode.
Access-List: access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)
I have a 1941 Cisco router with WIC-!AM-V2 card that is uning pots( regural phone ) line for data traffic.the problem I am having is the line is establishing connection but it intermittently dropos.The router is configured to dial to Centraal office and I have more that 100 other locations with the same setup that are working fine. The only differene on htis one is it is going thru a PBX line.
How I can prioritize Web Ex, Skype and some two websites on Cisco equipment. My set up is such that my 512kbps link goes to a Cisco 1941 router>Cisco ASA 5505>Cisco Catalyst Switch 2960>Computer.I want to be able to prioritize this on my network and test that it actually works.
I have a 1941 router tt needs to be setup with the range of WAN ip addresses ip nat inside outside don't allow me to use it..How can i configure on the router to ensure from outside i'm able to access to firewall (129.2.1.2) ?
I want to open a certain port on my router and I know it shouldn�t be a problem, just go inside of your router settings and add the port manually. But somehow I was enough smart to forget my routers username and password, now my question is my only option a hard reset of the router and deleting all the work I put in to connecting the two computers with my router (believe me I had my share of troubles connecting them with the router) or is there a way to open the port on the router from my computer without accessing my router settings.
my friend was against a wall trying to update her office's system, and it seems like every Cisco person in the region has gone on vacation.For some sort of new system her office is getting, she was told that she needed to enable NAT with external IP xxx.xxx.xxx.14 (The ASA's IP is xxx.xxx.xxx.11) and internal IP xxx.xxx.xxx.58 and that port 8222 needs to be open. I know this is sort of vague, but it's what she was given, and I know the 8222 port is very specific in function,?
At any rate, the best I could come up with was to run:
But after I inserted this, she did what she was supposed to be able to do (went home and tried to run some sort of remote installation file) and it didn't work...
I have a DSL modem (custom made and branded by my ISP) which is receiving a DSL stream... it has an external IP which is visible to the world, say, 11.22.33.44 ... This modem has DHCP enabled, has an internal IP for itself, which is 192.168.1.1 .. it is connected to 2 laptops via and ethernet cable .. Laptop 1 has IP 192.168.1.2, and Laptop 2 has IP 192.168.1.3 ...On Laptop 1, two applications are running, jDownloader and Media Player Classic, which have their web interfaces on ports 8765 and 13579,respectively.. I can access both of these web interfaces from Laptop 2 by opening these addresses: 192.1681.2:8765 and 192.168.1.2:13579 ... both of their web interfaces open up, meaning the web interfaces are working fine ..Moving on, I now want to access these web interfaces from outside my network as well, and so I've configured port forwarding in my DSL modem to forward all traffic on ports between 8000 and 14000 (both TCP and UDP) to IP 192.168.1.2 ... I have verified that port forwarding is working by testing it using PortForward.com's port checker tool, and this website too: Open Port Check Tool - Test Port Forwarding on Your Router When I use the website, if I'm running the applications on Laptop 2, the website reports that the port is open .. if I then close the application, the website reports the port is closed ... This makes sense as nothing is listening on my machine in the latter case .. Also, if I disable port forwarding in my modem, again, the website reports the port is closed ... so, the website's results seem to be okay ...
Despite the above tools reporting that port forwarding is working, I am unable to open the web interfaces from outside my network ... So for example, if I tried to browse 11.22.33.44:8765 or 11.22.33.44:13579, nothing opens in my browser ... But if I accessed these web server's locally from Laptop 3, by typing in 192.168.1.2:8765 or 192.168.1.2:13579, they opened ... The tools report unanimously that port forwarding is working, and yet I am unable to open the web interfaces from outside the network ..Also note that I have disabled the firewall from my computer, and have also made sure that any option in the above programs (whose web interfaces I am trying to open) that says only local connections are to be accepted, is disabled ...
I am having some problem with fowarding some ports. Everytime I try to open a port, specifically 27015 it wont open. I go onto canyouseeme.com and it says there is no route to host. I have a Westell A90-750015-07. All of my firewalls are also turned off.
So I am working on a website with MySQL/PHP that I have been developing on my Linux box. I wanted to show a friend my progress so I temporarily opened up port 80. So he was able to just type in my public IP and it brought him to my localhost index.
My question is, when I type in my IP address in the URL bar, does the web browser automatically just assume port 80? What happens if I want to have 2 different servers from the same local network and one is running through port 80 and the other is running through port 90? In this case, would I have to type ":90" to access the machine running on port 90?
I have a cable modem hooked up to a Linksys WRT54G2 wireless router, which is hardwired to the computer I use.
I go into the router's menu by going through the standard 192.168.1.1 in the browser, and then go to Applications and Gaming. The port I am trying to open is port 25565 for both TCP and UDP. In the Start and End ports I put 25565, and for the end of the IP Address, I put the last digits of my IPv4 address (10). I used a couple of port checker tools, and it is reporting as still being closed.
I am looking to add a new DMZ zone to our network with have a standard 1941 (1x LAN / 1 x WAN port) and so I need a 3rd routable L3 interface to create the DMZ.
Is the HWIC-1FE what I am looking for or is there another way to do this?
During an installation, we plugged a Ruckus wireless bridge (powered by a PoE injector) into G0/0 on the 1941. The port status remained down/down. We then tried connecting it to G0/1. Again, the port status remained down/down. We took another wireless bridge, plugged it into G0/0 and the port changed to up/up status within a few seconds. The same happened when connected to G0/1. Both ports are have speed/duplex set to auto/auto.We took the cable from the first wireless bridge and connected it a 3550 switch, the FastEthernet port went up/up. We then took the cable and connected it to a switchport card (HWIC-4ESW) that was installed in the 1941 router. The port came up/up.We connected to wireless bridge back to G0/0 in the 1941 and manually set the speed/duplex to 1000/full. The link light on the router became illuminated after a few seconds but no console message was displayed (nor did any events appear in the log) and a "show int g0/0" showed the port status as down/down. This was could not be duplicated as this only happened one time The wireless bridges sit atop of a water tower and are connected each via a shielded ethernet cable. The cable that we're having trouble with is cat5e STP and about 310feet in length. I should note that we have not yet swapped the PoE injector but it seams to be functioning properly as power is getting to the wireless bridge and its accessible. Also because if the wireless bridge for some reason didn't come back up after a power cycle it would potentially mean climbing the tower to perform a hard reset. We tried another 1941 with same results however we have not tried another router model to rule out a potential platform issue. Can you recommend any troubleshooting steps to determine why the port status of the gig interfaces on the 1941 don't come up?
I have a Cisco 1941 K9 Router. I want to add POE functionaltiy to it. Specifically I want a 4 port EHWIC POE switch to power a couple of AP's.
This is what I understand I need; Upgrade/replace the internal power supply with PWR-1941-POE power supply, This is supplied with a fan replacement also (not yet purchased).buy 1 x EHWIC-4ESG (4 port switch)buy 1 x ILPM-4 (inline daughter card / power supply board) I think the real question here is the 4 port switch... there are two types available one is EHWIC-4ESG=the other is EHWIC-4ESG-P=
Is there any difference between these two switch modules? or are they the same and the more expensive "P" version is simply supplied with the ILPM-4 daughter card for POE?
I have recieved via courier today 1 x EHWIC-4ESG, and found a ILPM-4 on ebay for a good price. WIll this provide POE through the switch EHWIC-4ESG?
I Have a Cisco 1941 router which had its GE0/1 port burnt out and we have since plugged in a module with 4 fast ethernet ports. I need to reconfigure the router such that at least one of the Fast ethernet ports can server the purpose of the GE0/1. GE0/0 connects to our Service provider and GE0/1 connected to the inside network.Currently, while connected to one of the ethernet ports, i can telnet into the router on the address 192.168.29.1. when i'm on the router, i can ping our remote site, network address 192.168.24.0 with no problem, but when i use the command "Ping 192.168.24.0 source 192.168.29.1" there is no response.
I have a cisco 1941 router. Stock standard vanilla hardware, no extras. Standard universal image. Data and Security not enabled.I would like to add a 4 gigabit port POE switch (EHWIC) module to the router..The 4 port POE switch module will be used to power and connect 2 x Areonet AP's for my home. I'm replacing a Apple Airport Extreeme and Express setup. I'll possibly later use the two remaining POE ports for security cameras.My question is, what extra hardware and or IOS version do I need for the POE swtich module to function on the 1941? [URL] I think this is the model I want EHWIC-4ESG-P #4 port 10/100/1000 Enhanced High-Speed WAN Interface Gigabit Ethernet switch with Power over Ethernet?
My questions is can a 4 port PoE switch module (EHWIC-4ESG-P) and a 8 port switch module (EHWIC-D-8ESG) be used at the same time in a Cisco 1941 router?
One of branch locations has a Cisco 1941 Router . The port details are as follows
-Gi0/0 - ISP line -Gi0/1 - Inside Network ( To a 2960 Switch)
Now they have procurred another line from ISP through which MPLS based VPN to the Main location is configured. What are the options I have , to terminate it on the Router ? As all the On board LAN ports are filled I guess I wont be able to do anything with the current setup .Are Switching modules available ? What is the Embedded-Service-Engine0/0 port that I see on #sh ip int b output ?
Here's my problem. I'm going to be using Cisco 1941 routers at a bunch of remote sites. All of these sites have 2 comm paths out. Some of them have 2 IP/VHF radios and some have 1 IP/VHF radio and a copper link using Patton ethernet extenders. From the VHF radios the data hit our MPLS network back to our HQ and the sites with copper go directly back to our HQ. Everything ends up at a Cisco 4948 switch. The problem I'm having is that I want the routers at the remote site to use one ethernet port (G0/0) as the primary and the other (G0/1) as the backup interface. I've tried the backup interface command but the problem is that depending on where an outage occurs the ethernet link to either the radio or Patton stays up so it never switches over. We're using OSPF as our routing protocol and I'm sure there's something that can be done with it but I'm not sure what.
I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE). I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings. Is port-security no available on the switch modules?
I have a strange issue that I am having an issue figuring out. I am trying to login to the 1941 router through the console port. When I enter the username and password, which I just set, it fails. I am able to login under a different login but when I try to enter the enable mode the enable password doesn't work, which I just set as well. I can login with the TACACS+ login from a SSH session. Here is the line config:
Can you configure a Cisco 1941 to use an 8 port EHWic module and the 2 onboard GE ports in a single LAN?
I've discovered you can't have the on GE ports associated with a VLan, and I'm when I've previously researched for a solution, bridging was mentioned but I cannot seem to get it to work (or completely understand it)The reason I would like to use all 10 ports on for the LAN is becuase I have 10 devices I need to connect to the 1941?
I have two WS-X6148-45AF linecards here that have been out of use for quite some time. Upon inserting them in one of our 6509-E's I noticed that both had "Minor Error"s on their module diagnostics.
I would have just assumed that the cards were dead and requested replacements, but both cards have the *exact* same diagnostic errors, which only seem to effect every-other port. That's too much of a coincidence for me, so I figured I'd ask on the forums and see if I'm just missing something obvious before I assume the worst. Are these cards both somehow damaged in the exact same way? Or is there some config/compatibility issue that I haven't heard of?
relevant diagnostic output from one of the cards (Both outputs the same, no use posting twice) is below:
Router#show diagnostic result module 4 Current bootup diagnostic level: minimal Module 4: 48-port 10/100 mb RJ45 SerialNo : SAL11391VUY
We are trying to install filter software at our main location and branches. The admin console has been installed at the main branch, but I need to allow access to ports 58000-58003 through our firewall in order to successfully install the software at our branches.
I need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.
I’m having serious issues getting Tandberg H.323 working behind this router with NAT.
My setup is Cisco 1811 configured with Fas0 to pull DHCP (public address). This router is being used in a mobile medical clinic VAN so the setup needs to be seamless and transparent to the users. The idea with the DHCP is anywhere they go they could pull a DHCP address and then NAT behind that address. The van visits mostly small schools in the Texas Rio Grande Valley providing medical assistance and consulting to the local community. The router has an 8 port built in switch and all ports are sitting in default VLAN 1.
Basic stripped down config, only relevant commands listed…
ip dhcp excluded-address 10.0.0.1 10.0.0.4
ip dhcp pool VANnet network 10.0.0.0 255.255.255.240 default-router 10.0.0.1 dns-server 10.0.0.1(code)
Now initially I can’t even get the call to connect with just using the ports above, which I should. Also knowing there are several issues with H.323 and NAT I went ahead and added all know ports Tandberg says they use…
Basically I created static NAT entries for all the ports and the ranges above. For the ranges I had to add a line for every port.
This didn’t and hasn’t worked yet even with some additional tweaking… Finally the question… am I going about this all wrong? Is there an arrangement of commands that will even work? How can I accomplish the port forwarding setup on a Linksys/Netgear router on a real Cisco router?
I need to increase the link capacity of 10GE to 20GE between two Cisco7609, so I feel the need to configure port channel between them, my little problem is that I have a SCE 8080 in the middle of both 7600 currently is configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently in use 2), I was investigated and the truth is that I not found anything concrete about how to configure the SCE to "pass" etherchannel through it? What the SCE needs to support 20GE of traffic? (configuration and software)
We have a 6509 running 5.4(2). We have set up a hyperterm session and connect to multiple devices, then we get to the 6509 and it will not work. When we reload the 6509 and we are consoled into it, we get data until it is finished reloading. Then the console connections is no longer there.
Is it possible to reduce de recoveery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time.(Cisco Catalyst C3560) [code]