
Cannot Open and Forward port on Cisco Router 800 series

Komla.Agbesi

Hello people, I am trying to open a few ports (1701, 500, 4500) for L2TP on a Cisco 800 series router.

I have run the command

ip nat inside source static tcp x.x.x.x 1701 interface FastEthernet4 1701 

for all the required ports and still cannot see them opened when I check with a port scanner.

This command syntax worked fine for port 1723 when I set up PPTP VPN.

Kindly assist.

My current config below:

Current configuration : 4765 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HFCR1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 cccccc
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2314922427
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2314922427
revocation-check none
rsakeypair TP-self-signed-2314922427
!
!
crypto pki certificate chain TP-self-signed-2314922427
certificate self-signed 01
quit
no ip source-route
!
!
!
ip dhcp excluded-address 192.168.10.x 192.168.10.x
!
ip dhcp pool INTERNAL_NETWORK
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server d.d.d.d
!
!
ip cef
no ip domain lookup
ip domain name temafuelghana.com
ip name-server D.D.D.D
ip name-server D.D.D.D

ip port-map user-custom_rdp port tcp 3389
ip port-map user-custom_smtp port tcp 3000
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL171025T5
!
!
username itadmin privilege 15 secret 4 J25MjxTI2r5IOShHNmKoTLbX2VDzhjOjyTTcwJfTfpA
username admin privilege 15 secret 4 xR5wUIyvYM3gDFpA8x1KCGdZ7K2LBqmbqkij96KBJqA
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description WAN_INTERFACE
ip address L.L.L.L 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description INSIDE_INTERFACE
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip nat inside source list INTERNET_ACCESS interface FastEthernet4 overload
ip nat inside source static tcp 192.168.x.x 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.x.x 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.x.x 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.x.x 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.x.x 110 interface FastEthernet4 110
ip nat inside source static tcp 192.168.x.x 3000 interface FastEthernet4 3000
ip nat inside source static tcp 192.168.x.x 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.x.x 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.x.x 1701 interface FastEthernet4 1701
ip nat inside source static tcp 192.168.x.x 500 interface FastEthernet4 500
ip nat inside source static udp 192.168.x.x 500 interface FastEthernet4 500
ip nat inside source static udp 192.168.x.x 1701 interface FastEthernet4 1701
ip nat inside source static udp 192.168.x.x 4500 interface FastEthernet4 4500
ip route 0.0.0.0 0.0.0.0 197.221.83.197
!
ip access-list standard INTERNET_ACCESS
permit 192.168.10.0 0.0.0.255
!
!
!
!
!
banner motd ^C
**********************************
hhhhhhhhhhhhhhhhhhhhhh
**********************************^C
!
line con 0
password 7 xxx
logging synchronous
login
no modem enable
line aux 0
password 7 xxx
logging synchronous
login
line vty 0 4
password 7 xxx
logging synchronous
login local
transport input all
!
end

Thanks

1 Reply

Hello,

Just to be sure, are the source IP addresses in your static NAT all different? Because if they are not, use the keyword 'extendable' at the end of the statements with identical source IP addresses...
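
The check suggested in the reply can be run mechanically over a saved config. The following is an added example, not part of the original thread or Cisco's own tooling: it parses `ip nat inside source static` port forwards, lists statements that share a source IP without `extendable`, and reports which UDP ports have no UDP forward. It assumes the forwarded service is L2TP over IPsec (UDP 500, 4500 and 1701); the sample config and its inside addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample config; the inside addresses are made up for illustration.
SAMPLE_CONFIG = """\
ip nat inside source list INTERNET_ACCESS interface FastEthernet4 overload
ip nat inside source static tcp 192.168.10.20 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.10.20 1701 interface FastEthernet4 1701
ip nat inside source static udp 192.168.10.20 500 interface FastEthernet4 500
ip nat inside source static udp 192.168.10.30 4500 interface FastEthernet4 4500 extendable
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"interface (\S+) (\d+)( extendable)?$"
)

# Assumption: the forwarded service is L2TP over IPsec, which uses UDP for
# IKE (500), NAT traversal (4500) and L2TP (1701).
L2TP_IPSEC_UDP_PORTS = frozenset({500, 1701, 4500})


def parse_static_nat(config):
    """Return one dict per static port-forward statement in the config text."""
    entries = []
    for line in config.splitlines():
        m = STATIC_NAT.match(line.strip())
        if m:
            proto, ip, lport, iface, gport, ext = m.groups()
            entries.append({"proto": proto, "local_ip": ip, "local_port": int(lport),
                            "iface": iface, "global_port": int(gport),
                            "extendable": ext is not None})
    return entries


def audit(entries, required_udp=L2TP_IPSEC_UDP_PORTS):
    """Return (finding, proto, inside_ip, outside_port) tuples."""
    findings = []
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["local_ip"]].append(e)
    # The reply's check: statements sharing a source IP but lacking 'extendable'.
    for ip, group in by_ip.items():
        if len(group) > 1:
            findings += [("shared-source-no-extendable", e["proto"], ip, e["global_port"])
                         for e in group if not e["extendable"]]
    # Required UDP ports that have no UDP forward (a TCP forward does not count).
    udp_forwarded = {e["global_port"] for e in entries if e["proto"] == "udp"}
    findings += [("udp-forward-missing", "udp", None, p)
                 for p in sorted(required_udp - udp_forwarded)]
    return findings
```

Feed it the NAT section of `show running-config` saved as text; masked addresses such as `x.x.x.x` are grouped as literal strings, so unmask them locally before relying on the shared-source result.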
