
Port Forwarding on Port 1720


vlad1slav (Programmer, GB), Nov 10, 2002
I have successfully configured my PIX to do port forwarding for HTTP, FTP, etc. using the standard access-list/access-group/static commands. However, I'm having trouble getting forwarding to work on port 1720.

I have a Cisco ATA 186 sitting on the local network with the following IP address: 192.168.1.150

Has anyone experienced similar problems or can point me in the right direction?

My topology is as follows:

Internet --> ADSL Modem/Router --> Cisco PIX 501 --> Local Area Network (192.168.1.X)

ADSL Modem Interfaces
Outside: 213.1XX.XX.XXX
Inside: 192.168.0.1

Cisco PIX 501 Interfaces
Outside: 192.168.0.2
Inside: 192.168.1.1
 
Here's my current firewall config:

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ########## encrypted
passwd ########## encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 192.168.0.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.150 255.255.255.255 inside
pdm location 192.168.1.247 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:24147b339de4fc3a995818645750c1d4
 
I'm not an expert with ATA devices, but from what I understand it needs to be visible to the internet if you wish to receive a call over the internet.

Since you have a private address on your side of your ADSL router, you must be performing NAT there. You will need a static translation for the ATA device. (use the ATA device's address as the inside address)

On the firewall you will again need a static translation and an ACL to allow the traffic in.

name 192.168.1.150 atadevice
static (inside,outside) tcp atadevice 1720 atadevice 1720 netmask 255.255.255.255 0 0
access-list outside-acl permit tcp any host atadevice eq 1720
access-group outside-acl in interface outside

I hope I got that right.
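As an added example (not from the thread or from Cisco), here is a small Python checker that audits a saved PIX 6.x config for the three pieces the reply describes: a static TCP translation to the inside host, an access-list entry permitting the mapped address and port, and that access-list applied inbound on the outside interface. It also resolves the `interface` keyword form of `static` to the PIX outside address, which assumes the config is written that way; SAMPLE is constructed from the reply's lines.

```python
def _resolve(names, token, outside_ip):
    """Map a 'name' alias or the 'interface' keyword back to an IP address."""
    return outside_ip if token == "interface" else names.get(token, token)

def check_forward(config, local_ip, port, outside_ip):
    """Return a list of problems; an empty list means the forwarding chain is complete."""
    names, statics, acl, applied = {}, [], [], set()
    for t in (line.split() for line in config.splitlines()):
        if len(t) < 3:
            continue
        if t[0] == "name":                                   # name <ip> <alias>
            names[t[2]] = t[1]
        elif t[0] == "static" and len(t) >= 7 and t[2] == "tcp":
            # static (inside,outside) tcp <global> <gport> <local> <lport> ...
            statics.append((_resolve(names, t[3], outside_ip), t[4],
                            _resolve(names, t[5], outside_ip), t[6]))
        elif t[0] == "access-list" and len(t) > 4 and t[2] == "permit":
            acl.append(t)
        elif t[0] == "access-group" and len(t) >= 5 and t[2:4] == ["in", "interface"]:
            applied.add((t[1], t[4]))                        # (acl name, interface)
    port = str(port)
    mapped = [s for s in statics if s[2] == local_ip and s[3] == port]
    if not mapped:
        return [f"no static tcp translation to {local_ip}/{port}"]
    global_ip, global_port = mapped[0][0], mapped[0][1]
    acl_names = set()
    for t in acl:
        # access-list <name> permit tcp {any | host <ip>} host <addr> eq <port>
        d = 6 if t[4] == "host" else 5                       # index of the destination spec
        if len(t) < d + 4 or t[3] != "tcp" or t[d] != "host" or t[d + 2] != "eq":
            continue
        if _resolve(names, t[d + 1], outside_ip) == global_ip and t[d + 3] == global_port:
            acl_names.add(t[1])
    if not acl_names:
        return [f"no access-list permits tcp to {global_ip}/{global_port}"]
    if not any((n, "outside") in applied for n in acl_names):
        return [f"access-list {sorted(acl_names)[0]} is not applied inbound on outside"]
    return []

# Constructed sample: the reply's four lines, plus the 'name' entry they rely on.
SAMPLE = """
name 192.168.1.150 atadevice
static (inside,outside) tcp atadevice 1720 atadevice 1720 netmask 255.255.255.255 0 0
access-list outside-acl permit tcp any host atadevice eq 1720
access-group outside-acl in interface outside
"""
```

Running `check_forward(SAMPLE, "192.168.1.150", 1720, "192.168.0.2")` returns an empty list; running it against the original poster's config, which has no static or access-list for the ATA, reports the missing translation.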