Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how do I port forward on cisco 831 router?

Status
Not open for further replies.

wwefan

Technical User
Feb 8, 2006
10
US
Hello, well here is my question, my husband and I have a small business with about 6 computers and they are all networked with a basic peer to peer and Windows XP, I have a Cisco 831 router and I do have a VPN connection on it but it's only to connect to a remote computer which is a customer of ours and we pull down information from there computer for our business, and the other part on the router is for our basic LAN and connecting to the internet over our DSL modem, this was wrote down for me by a friend of ours and that's how I was able to set all this stuff up, we know nothing about routers are how to program them. We both wanted to be able to connect to our main computer at work that acts as the server when we are on the road, I have Windows XP pro on the work computer and found an article about using the remote desktop feature, it really explains it well but the only part we are having trouble with is what do I type in on the router to forward port 3389 which is what the article says we need to forward, I have set the server computer to an IP address so it will not change now, 192.168.1.125 but have no idea how to get our router to forward our static ip to this ip and port number? Sorry for the long message, thank you everyone.
 
Firstly you will need to know the user and enable passwords to make the necessary changes. Setting up port forwarding isn't too bad however and will kind of look as follows:

enable
conf t
int e0
ip nat inside
int dialer0
ip nat outside
ip nat inside source static tcp 192.168.1.125 3389 interface dialer0 3389

where dialer0 is the WAN (Internet-facing) interface on the 827 (it may be different on your 800 - you will need to check with the 'show ip int brief' command). If it is different, simply modify the script above to the corresponding dialer interface number, e.g. int dialer10 etc. Note there are 2 references to the dialer interface in the script.

 
Thank you very much, going to try that.
 
well shoot, I must have something else in the router set wrong too because when I put the computer we use as the server to a static ip nobody else here could access it anymore, so I don't know what I'm doing wrong now? and that's just on our LAN they could not access it, I did not try anything else with the remote access part since I needed to set the commputer back to obtain ip automatically, any ideas?
 
Can you copy/paste your current running configuration from the router (use the 'show running' command from enable (#) mode)
 
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$nAgz$QxuezlmewypCB4.5m8T7Y/
!
username ************** privilege 15 password 0 ********** username ******* privilege 15 secret 5 $1$1ci0$/YuodNmEn..AH1lZsnNiL0
username *********** password 0 ***********
username***********privilege 15 secret 5 $1$HRIL$8Shq3NaTnaoFp5d/JNsFW1
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool pool-dhcp
network 192.168.1.0 255.255.255.0
dns-server 151.164.14.201 151.164.1.8
default-router 192.168.1.1
lease infinite
!
ip dhcp pool POOL-DHCP
dns-server 151.164.14.201 151.164.1.8
default-router 192.168.1.1
!
!
ip domain name yourdomain.com
ip name-server 151.164.14.201
ip name-server 151.164.1.8
ip ips po max-events 100
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 18
encr 3des
authentication pre-share
group 2
crypto isakmp key !*********! address **********!
!
crypto ipsec transform-set Alternative esp-3des esp-sha-hmac
!
crypto map mymap 11 ipsec-isakmp
set peer ***********
set transform-set Alternative
set pfs group2
match address 148
!
!
!
interface Ethernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Ethernet1
no ip address
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
ip address *************** ****************
ip access-group 120 in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *******************
ppp chap password 0 ******************
ppp pap sent-username ************password 0 *********
crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map nonat interface Dialer1 overload
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit udp any any eq domain
access-list 120 permit udp any eq domain any
access-list 120 permit tcp any any eq smtp
access-list 120 permit tcp any any eq pop3
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any gt 1023 any eq ftp-data
access-list 120 permit tcp any any gt 1023
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any eq 69
access-list 120 permit tcp any any eq finger
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 161
access-list 120 permit tcp any any eq 144
access-list 120 permit tcp any any eq 115
access-list 120 permit tcp any any eq ident
access-list 120 permit icmp any any
access-list 120 permit udp any any eq isakmp
access-list 120 permit udp any any eq non500-isakmp
access-list 120 permit esp any any
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 1521
access-list 120 permit tcp any any eq 15000
access-list 120 permit tcp any any eq 139
access-list 120 permit tcp any any eq 812
access-list 120 permit tcp any any eq 813
access-list 120 permit tcp any any eq 814
access-list 120 permit tcp any any eq 815
access-list 120 permit tcp any any eq 816
access-list 120 permit tcp any any eq 817
access-list 120 permit tcp any any eq 818
access-list 120 permit tcp any any eq 819
access-list 120 permit tcp any any eq 820
access-list 120 permit tcp any any eq 821
access-list 120 permit tcp any any eq 1701
access-list 120 permit tcp any any eq 1702
access-list 120 permit tcp any any eq 1703
access-list 120 permit tcp any any eq 1704
access-list 120 permit tcp any any eq 1705
access-list 120 permit tcp any any eq 1706
access-list 120 permit tcp any any eq 1707
access-list 120 permit tcp any any eq 32771
access-list 120 permit tcp any any eq ftp-data
access-list 120 permit tcp any any eq 9443
access-list 120 permit tcp any any eq 563
access-list 120 permit tcp any any eq 448
access-list 120 permit udp any any eq snmp
access-list 120 permit tcp any any eq 30
access-list 120 permit tcp any any eq 5900
access-list 120 permit tcp any any eq 5800
access-list 129 permit ip 192.168.1.0 0.0.0.255 any
access-list 148 permit ip host ***************
access-list 148 permit ip host ***************
access-list 148 permit ip host ***************
access-list 148 permit ip host ***************
access-list 148 permit ip host ***************
route-map nonat permit 10
match ip address 129
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top