Cisco 800 series won't forward port

Posted by sam on Server Fault See other posts from Server Fault or by sam
Published on 2011-01-14T03:55:51Z Indexed on 2011/01/14 4:55 UTC
Read the original article Hit count: 765

Filed under:
|
|
|
|

Hello ServerFault,

I am trying to forward port 444 from my cisco router to my Web Server (192.168.0.2).

As far as I can tell, my port forwarding is configured correctly, yet no traffic will pass through on port 444.

Here is my config:

!
version 12.3
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname QUESTMOUNT
!
logging buffered 16386 informational
logging rate-limit 100 except warnings
no logging console
no logging monitor
enable secret 5 -removed-
!
username administrator secret 5 -removed-
username manager secret 5 -removed-
clock timezone NZST 12
clock summer-time NZDT recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local 
aaa session-id common
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name quest.local
!
!
no ip bootp server
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip inspect name firewall http
ip audit notify log
ip audit po max-events 100
ip audit name intrusion info list 3 action alarm
ip audit name intrusion attack list 3 action alarm drop reset
no ftp-server write-enable
!
!
! 
!
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group staff
 key 0 qS;,sc:q<skro1^,
 domain quest.local
 pool vpnclients
 acl 106
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac 
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac 
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac 
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac 
!
crypto dynamic-map vpnusers 1
 description Client to Site VPN Users
 set transform-set tr-des-md5 
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers 
!
!
!
!
interface Ethernet0
 ip address 192.168.0.254 255.255.255.0
 ip access-group 102 in
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/100 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 bandwidth 640
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip inspect firewall out
 ip audit intrusion in
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp pap sent-username -removed- password 7 -removed-
 ppp ipcp dns request
 crypto map cm-cryptomap
!
ip local pool vpnclients 192.168.99.1 192.168.99.254
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 444 interface Dialer0 444
ip nat inside source static tcp 192.168.0.51 9000 interface Dialer0 9000
ip nat inside source static udp 192.168.0.2 1433 interface Dialer0 1433
ip nat inside source static tcp 192.168.0.2 1433 interface Dialer0 1433
ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
ip access-list logging interval 10
logging 192.168.0.2
access-list 1 remark The local LAN.
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark Traffic not to check for intrustion detection.
access-list 3 deny   192.168.99.0 0.0.0.255
access-list 3 permit any
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 192.168.99.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 deny   ip 0.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 169.254.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 198.18.0.0 0.1.255.255 any
access-list 101 deny   ip 224.0.0.0 0.15.255.255 any
access-list 101 deny   ip any host 255.255.255.255
access-list 101 permit tcp 67.228.209.128 0.0.0.15 any eq 1433
access-list 101 permit tcp host 120.136.2.22 any eq 1433
access-list 101 permit tcp host 123.100.90.58 any eq 1433
access-list 101 permit udp 67.228.209.128 0.0.0.15 any eq 1433
access-list 101 permit udp host 120.136.2.22 any eq 1433
access-list 101 permit udp host 123.100.90.58 any eq 1433
access-list 101 permit tcp any any eq 444
access-list 101 permit tcp any any eq 9000
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq telnet
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.0.254
access-list 102 deny   ip any host 192.168.0.255
access-list 102 deny   udp any any eq tftp log
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255
access-list 102 deny   ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny   ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny   ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny   ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny   ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny   ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny   ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny   ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny   udp any any eq 135 log
access-list 102 deny   tcp any any eq 135 log
access-list 102 deny   udp any any eq netbios-ns log
access-list 102 deny   udp any any eq netbios-dgm log
access-list 102 deny   tcp any any eq 445 log
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny   ip any any log
access-list 105 remark Traffic to NAT
access-list 105 deny   ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 2 in
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
!
end

any ideas? :)

© Server Fault or respective owner

Related posts about iis

Related posts about cisco