
Cisco 2501 configuration question


ljz1

IS-IT--Management
Nov 29, 2006
Hi,

I am confused. I have a client that is having trouble accessing SOME websites and SOME FTP sites. Their routing setup is unique (at least to me). They have a Cisco 2501 that is not doing NAT but is routing traffic. A Linksys router is running behind the Cisco in gateway mode. The Linksys is successfully port forwarding RDP 3389 but cannot port forward port 25 successfully. (NMAP showed port 25 filtered until I opened it on the Cisco.) I was hoping you could give some insight as to why the Cisco is passing some traffic but not other. Here is the config:

Router#show run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$0DwV$eZkP82kL.f3ln05Zy09lU0
enable password
!
ip subnet-zero
ip name-server 170.147.45.175
ip name-server 170.147.113.54
!
!
!
interface Ethernet0
description LAN
ip address 64.x.x.x 255.255.255.224
no ip directed-broadcast
no cdp enable
!
interface Serial0
description ICG T1
ip address 64.140.x.x 255.255.255.252
ip access-group 102 in
no ip directed-broadcast
encapsulation ppp
no ip route-cache
no ip mroute-cache
no fair-queue
no cdp enable
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 102 permit esp any any
access-list 102 permit icmp any any
access-list 102 permit gre any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq 50
access-list 102 permit tcp any any eq 50
access-list 102 permit tcp any any eq 500
access-list 102 permit tcp any any eq 6111
access-list 102 permit tcp any any range 1024 1432
access-list 102 permit udp any any range 1024 1432
access-list 102 permit tcp any any gt 1434
access-list 102 permit udp any any gt 1434
snmp-server community public RO
!
line con 0
transport input none
line aux 0
session-timeout 60
exec-timeout 30 0
password dan22dan
login
line vty 0 4
password
login
!
end


Any insight REALLY appreciated!

LjZ
 
It is permitting anything incoming on the serial in ACL 102 and denying everything else. Take a look at ACL 102: everything in that list is allowed in; if it's not in that list, it is denied.
 
Thanks for the response. 2 questions.

1. Why does port forwarding on the Linksys router (behind the Cisco) work for port 3389 but has to be open on the Cisco for port 25?

2. Why would links embedded in websites such as not work?
When I try to pull this in a web browser, a netstat shows closed_wait on the port it is trying to establish. I added the line permit tcp any any established to the access list, but nothing changed.

Thanks again.
 
Your access-list 102 has these entries:

access-list 102 permit tcp any any range 1024 1432
access-list 102 permit udp any any range 1024 1432
access-list 102 permit tcp any any gt 1434
access-list 102 permit udp any any gt 1434

That is allowing all TCP and UDP ports between 1024 and 1432
and also allowing all TCP and UDP above 1434 (1434-~65000).

You have nothing there for port 25 (SMTP), so it will be denied.
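
Added example, not part of any poster's reply and not Cisco code: a Python sketch that evaluates the posted ACL 102 against constructed inbound packets, showing why TCP 3389 is permitted while TCP 25 falls through to the implicit deny. It assumes simplified matching (only `any any` entries and the destination-port operators `eq`, `gt` and `range`, as they appear in the posted config); `parse_acl` and `evaluate` are hypothetical helper names.

```python
import re

# ACL 102 exactly as posted in the thread's "show run" output.
ACL_102 = """\
access-list 102 permit esp any any
access-list 102 permit icmp any any
access-list 102 permit gre any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq 50
access-list 102 permit tcp any any eq 50
access-list 102 permit tcp any any eq 500
access-list 102 permit tcp any any eq 6111
access-list 102 permit tcp any any range 1024 1432
access-list 102 permit udp any any range 1024 1432
access-list 102 permit tcp any any gt 1434
access-list 102 permit udp any any gt 1434
"""

NAMED_PORTS = {"isakmp": "500"}  # IOS keyword for port 500
RULE = re.compile(r"access-list \d+ (permit|deny) (\w+) any any(?: (eq|gt|range) (\w+)(?: (\w+))?)?$")

def parse_acl(text):
    """Parse 'any any' extended ACL lines into (action, proto, lo, hi, line)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, op, a, b = m.groups()
        a, b = (NAMED_PORTS.get(x, x) for x in (a, b))
        lo, hi = 0, 65535  # no operator: any port (or a portless protocol)
        if op == "eq":
            lo = hi = int(a)
        elif op == "gt":
            lo = int(a) + 1  # "gt 1434" starts at 1435
        elif op == "range":
            lo, hi = int(a), int(b)
        rules.append((action, proto, lo, hi, line.strip()))
    return rules

def evaluate(rules, proto, dport=0):
    """First match wins; anything unmatched hits the implicit deny."""
    for action, rproto, lo, hi, line in rules:
        if rproto == proto and lo <= dport <= hi:
            return action, line
    return "deny", "implicit deny any any"

if __name__ == "__main__":
    # Constructed inbound packets: RDP, SMTP, and a port in the 1433-1434 gap.
    for dport in (3389, 25, 1433):
        print("tcp", dport, *evaluate(parse_acl(ACL_102), "tcp", dport))
```
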
 
Have you taken off the ACL that you have applied and tried accessing those sites, just to ensure that your router IS the problem, or if it's a completely different issue?

 
Good question. I took the Linksys out of the loop and it still had the issue, but did not take the ACL out. Great idea. That is what I will do!

Thanks.
 