1811 Port forwarding 1


crocks

Programmer
Jan 3, 2008
14
CA
I am trying to port forward my Cisco 1811 router, from an external IP address port 5494 to local 192.168.1.100.

I can't seem to see what is wrong. Here is my config file.

!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname IBCL1811
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 ********************.
enable password 7 *****************
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
aaa authorization network sdm_vpn_group_ml_4 local
!
aaa session-id common
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
no ip gratuitous-arps
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.29
ip dhcp excluded-address 192.168.1.100 192.168.1.254
!
ip dhcp pool IBCL-LAN
import all
network 192.168.1.0 255.255.255.0
dns-server 192.168.1.25
default-router 192.168.1.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name ibcl.domain
ip name-server 207.xxx.xxx.193
ip name-server 24.xxx.xxx.xxx
ip name-server 192.168.1.25
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
login block-for 32767 attempts 5 within 5
!
appfw policy-name SDM_MEDIUM
application http
strict-http action allow alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description Bell Business HS$FW_OUTSIDE$$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet1
description Rogers NO LONGER USED WAN$FW_OUTSIDE$$ETH-WAN$
ip address 208.xxx.xxxx.74 255.255.255.248
ip access-group 106 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template3 type tunnel
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Virtual-Template4 type tunnel
ip unnumbered Dialer5
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile2
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 108 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Async1
no ip address
encapsulation slip
!
interface Dialer5
description $FW_OUTSIDE$
ip address negotiated
ip access-group 109 in
ip mtu 1492
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ****@bellnet.ca
ppp chap password 7 *******
ppp pap sent-username i*****( password 7 **************
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
interface Dialer0
no ip address
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.25
ip local pool SDM_POOL_2 192.168.3.1 192.168.3.25
ip route 0.0.0.0 0.0.0.0 Dialer5
!
!
ip http server
ip http access-class 2
ip http secure-server
ip nat inside source list 1 interface Dialer5 overload
ip nat inside source route-map sympatico-nat interface Dialer0 overload
ip nat inside source static tcp 192.168.1.100 5494 interface FastEthernet0 5494
!
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 192.168.1.25 eq domain any
access-list 100 deny ip 208.124.186.72 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 208.124.186.72 0.0.0.7 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 207.164.234.193 eq domain any
access-list 102 permit udp host 24.153.23.114 eq domain any
access-list 102 permit udp host 207.164.234.193 eq domain host 208.124.186.74
access-list 102 permit udp host 24.153.23.114 eq domain host 208.124.186.74
access-list 102 permit udp any host 208.124.186.74 eq non500-isakmp
access-list 102 permit udp any host 208.124.186.74 eq isakmp
access-list 102 permit esp any host 208.124.186.74
access-list 102 permit ahp any host 208.124.186.74
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any host 208.124.186.74 echo-reply
access-list 102 permit icmp any host 208.124.186.74 time-exceeded
access-list 102 permit icmp any host 208.124.186.74 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 deny ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 208.124.186.72 0.0.0.7 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 deny ip 192.168.1.0 0.0.0.255 any
access-list 105 deny ip 208.124.186.72 0.0.0.7 any
access-list 105 permit icmp any any echo-reply
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any unreachable
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit udp host 207.164.234.193 eq domain host 208.124.186.74
access-list 106 permit udp host 24.153.23.114 eq domain host 208.124.186.74
access-list 106 permit udp any host 208.124.186.74 eq non500-isakmp
access-list 106 permit udp any host 208.124.186.74 eq isakmp
access-list 106 permit esp any host 208.124.186.74
access-list 106 permit ahp any host 208.124.186.74
access-list 106 deny ip 192.168.1.0 0.0.0.255 any
access-list 106 permit icmp any host 208.124.186.74 echo-reply
access-list 106 permit icmp any host 208.124.186.74 time-exceeded
access-list 106 permit icmp any host 208.124.186.74 unreachable
access-list 106 deny ip 10.0.0.0 0.255.255.255 any
access-list 106 deny ip 172.16.0.0 0.15.255.255 any
access-list 106 deny ip 192.168.0.0 0.0.255.255 any
access-list 106 deny ip 127.0.0.0 0.255.255.255 any
access-list 106 deny ip host 255.255.255.255 any
access-list 106 deny ip host 0.0.0.0 any
access-list 106 deny ip any any log
access-list 107 remark auto generated by SDM firewall configuration
access-list 107 remark SDM_ACL Category=1
access-list 107 permit udp host 207.164.234.193 eq domain any
access-list 107 permit udp host 24.153.23.114 eq domain any
access-list 107 deny ip 192.168.1.0 0.0.0.255 any
access-list 107 permit udp any eq bootps any eq bootpc
access-list 107 permit icmp any any echo-reply
access-list 107 permit icmp any any time-exceeded
access-list 107 permit icmp any any unreachable
access-list 107 deny ip 10.0.0.0 0.255.255.255 any
access-list 107 deny ip 172.16.0.0 0.15.255.255 any
access-list 107 deny ip 192.168.0.0 0.0.255.255 any
access-list 107 deny ip 127.0.0.0 0.255.255.255 any
access-list 107 deny ip host 255.255.255.255 any
access-list 107 deny ip any any log
access-list 108 remark auto generated by SDM firewall configuration
access-list 108 remark SDM_ACL Category=1
access-list 108 permit tcp any eq 5494 any
access-list 108 permit udp any host 192.168.1.1 eq non500-isakmp
access-list 108 permit udp any host 192.168.1.1 eq isakmp
access-list 108 permit esp any host 192.168.1.1
access-list 108 permit ahp any host 192.168.1.1
access-list 108 remark SOTI REMOTE
access-list 108 permit tcp any eq 5494 any log
access-list 108 deny ip host 255.255.255.255 any
access-list 108 deny ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 108 permit tcp any any eq 5494
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 permit udp host 207.164.234.193 eq domain any
access-list 109 permit tcp any any eq 5494 log
access-list 109 permit udp host 24.153.23.114 eq domain any
access-list 109 permit udp any any eq non500-isakmp
access-list 109 permit tcp any eq 5494 any log
access-list 109 permit udp any any eq isakmp
access-list 109 permit esp any any
access-list 109 permit ahp any any
access-list 109 deny ip 192.168.1.0 0.0.0.255 any
access-list 109 permit icmp any any echo-reply
access-list 109 permit icmp any any time-exceeded
access-list 109 permit icmp any any unreachable
access-list 109 deny ip 10.0.0.0 0.255.255.255 any
access-list 109 deny ip 172.16.0.0 0.15.255.255 any
access-list 109 deny ip 192.168.0.0 0.0.255.255 any
access-list 109 deny ip 127.0.0.0 0.255.255.255 any
access-list 109 deny ip host 255.255.255.255 any
access-list 109 deny ip host 0.0.0.0 any
access-list 109 deny ip any any log
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner login ^CCRestricted Access Only^C
!
line con 0
transport output telnet
line 1
access-class sl_def_acl in
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
access-class sl_def_acl in
transport output telnet
line vty 0 4
access-class sl_def_acl in
password 7 011D09164F03031D2F
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end


Any help would be great, thanks!
 
Wrong interface...change

ip nat inside source static tcp 192.168.1.100 5494 interface FastEthernet0 5494

to

ip nat inside source static tcp 192.168.1.100 5494 interface di5 5494

/
 
Thanks, I will give it a try tonight...
How do I remove the current ip nat?
 
Thanks BurtsBee... Worked like a charm.
 
Sorry, just got back to this...

I assume that you removed it? If not, removing most commands from Cisco IOS routers/switches is simply the "no" form of the command...

router(config)#no ip nat inside source static tcp blablabla

Also, you should do a

router#clear ip nat trans *

/
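The mistake resolved in this thread (a static port-forward bound to the PPPoE physical port, which has no IP address, instead of the Dialer interface) can be caught by auditing a saved running-config. The script below is an added example, not part of the original posts; the sample config is a constructed excerpt modelled on the one posted above, the function names are hypothetical, and it assumes interface names are written in full, as they appear in the running config.

```python
import re

# Constructed excerpt modelled on the configuration posted in this thread.
SAMPLE = """\
interface FastEthernet0
 no ip address
 ip nat outside
!
interface Dialer5
 ip address negotiated
 ip nat outside
!
ip nat inside source static tcp 192.168.1.100 5494 interface FastEthernet0 5494
"""

STATIC_NAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)\s*$",
    re.M)

def parse_interfaces(config):
    """Map interface name -> its sub-commands; a '!' line ends a section."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
            ifaces[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            ifaces[current].append(line)
    return ifaces

def audit_static_nat(config):
    """Return (interface, global_port, problems) for each static PAT entry."""
    ifaces, findings = parse_interfaces(config), []
    for proto, host, lport, ifname, gport in STATIC_NAT.findall(config):
        cmds, problems = ifaces.get(ifname), []
        if cmds is None:
            problems.append("interface not defined")
        else:
            if "ip nat outside" not in cmds:
                problems.append("not marked 'ip nat outside'")
            if "no ip address" in cmds:
                problems.append("no IP address on interface")
            if "shutdown" in cmds:
                problems.append("interface is shutdown")
        findings.append((ifname, int(gport), problems))
    return findings
```

An empty problem list means the forward is bound to an interface that can actually hold the public address; it does not evaluate the inbound ACL on that interface, which still has to permit the forwarded port.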
 