Re: Cisco 760

From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 10/24/04


Date: Sun, 24 Oct 2004 13:19:45 +0100

Hi. Do you have a support contract for the 760 to allow you to download
software updates? From the information you posted, you are running version
4.2.3. I've checked online and the current version is
4.4.7. I will try and get the release notes for the newer versions to see
what fixes are listed in case this is related to your problem.

On the ports you are unsure about below, where it says Router, does it
actually say 'Router' in the config file, or have you replaced an IP address
with the word Router ?

> 67 Router DHCP Server
> 68 Router DHCP Client
> 69 Router TFTP
> 162 Router SNMP-TRAP
> 520 Router RIP

I can see why a few of these may be open, but not all of them. TFTP for
example will likely be open to allow you to transfer files to and from the
router such as firmware. But these ports should not be open to the external
network. At most they should be internal access only for security unless
you have a need to use it externally.

Is the router configured to use a fixed IP etc or does it receive its
network details from the ISP using DHCP ?

I can't think why the router requires Port 80 to allow Port 443 other than a
possible bug or oversight in earlier firmware. Do you have logging enabled
on the router to allow you to monitor what is happening e.g. syslog server ?
If you have logging enabled when you disable HTTP port forwarding and only
enable forwarding of SSL using SET IP PAT PORTHANDLER 443 [server IP], what
logs are generated when you try and access a web page via SSL ?

As a test you could also try forwarding port 80 and port 443, configure port
443 to be forwarded to your valid server IP, but configure the port 80
forward to an invalid unused IP. This wouldn't be a suitable long term
solution, but may help in working out why both are required.

-- 
Hth,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
"WK" <wkent@netsandbytesdotcom> wrote in message 
news:uov1xQZuEHA.444@TK2MSFTNGP10.phx.gbl...
> Hi Stuart,
> Thanks for the help. Current Configuration
> --------------------------------------------------------------------------------
> Software Version c760-i.b.US 4.2(3) - Aug 21 1998 17:05:19
> Cisco 762
> ISDN Stack Revision US 2.10 (5ESS/DMS/NI-1)
> Hardware Configuration:
>   DRAM:  1.5MB
>   Flash: 1.0MB
>   POTS:  Not Installed
>   NT1:   Installed
>   ROM:   2.1(2)
> --------------------------------------------------------------------------------
> Profile     Routing     Frame IP Address       Netmask         RIP TX  RX  Prop Cost
>
> LAN         ON      ETH2  xxx.xxx.xxx.xxx       255.255.255.0   V1  OFF V1  ON   1
> Standard    ON      IPCP  xxx.xxx.xxx.xxx       255.255.255.0   V1  OFF V1  ON   1 (Static from ISP)
> -------------------------------------------------------------------------------
> Profile     PAT Multicast Summarization Netbios Spoofing/Left(min)
>
> LAN         OFF OFF       OFF           OFF             /0
> Standard    ON  OFF       OFF           OFF             /0
> --------------------------------------------------------------------------------
> Port handlers [no default]:
> Port     Handler         Service
> -------------------------------------
> 25       xxx.xxx.xxx.xxx      SMTP
> 80       xxx.xxx.xxx.xxx      HTTP
> 443      xxx.xxx.xxx.xxx      SHTTP
> 444      xxx.xxx.xxx.xxx
> 3389     xxx.xxx.xxx.xxx
> 4125     xxx.xxx.xxx.xxx
> 161      non existent ip      SNMP
> 23       non existent ip      TELNET
> 67       Router          DHCP Server
> 68       Router          DHCP Client
> 69       Router          TFTP
> 162      Router          SNMP-TRAP
> 520      Router          RIP
> --------------------------------------------------------------------------------
> This configuration is working and we can access everything that we need. 
> Port 161 and 23 are going to a non existent ip address. I didn't know what 
> else to do. Can I set ip pat port 161 & 23 OFF? I have no idea what the 
> 67, 68, 69, 162 & 520 ports are there for and as it is working I didn't 
> want to break it.
> If I set ip pat port 80 OFF there is no communication at all. I am 
> thinking that this router actually needs port 80 open to initialize the 
> traffic on port 443.
> The router has been rebooted after any configuration change and retains 
> the settings that are made.
> Once again thanks for your input.
>
> "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> 
> wrote in message news:Oq1UtcVuEHA.3476@TK2MSFTNGP14.phx.gbl...
>> Hi Wayne.  I haven't had any specific experience with 760s, after 
>> thinking about it I don't think they have a web interface.  I don't 
>> believe the 760s use IOS so this could be a bit of an adventure :)
>>
>> Can you post a copy of your current configuration with security details 
>> removed (i.e. usernames, passwords and IP addresses) ?
>>
>> Can you post your firmware version number ?
>>
>> Have you reset the router after making the configuration changes ?
>>
>> So just to check, you've enabled PAT using "SET IP PAT ON" then tried 
>> using "SET IP PAT PORTHANDLER 443 xxx.xxx.xxx.xxx".  The configuration 
>> then shows these commands have been accepted but no data on 443 reaches 
>> the server ?
>>
>>
>> -- 
>> Hth,
>> Stuart Mackie [MCP, MSP]
>> www.stu.uk.com
>>
>>
>> "WK" <wkent@netsandbytesdotcom> wrote in message 
>> news:u%23BY28SuEHA.2828@TK2MSFTNGP12.phx.gbl...
>>> Hi Stuart,
>>> I am using telnet from the LAN, can also use HyperTerminal via the 
>>> console cable. I was not aware of a web interface. Cisco newbie :(
>>> I am using the commands
>>> show ip pat
>>> set ip pat port <port number> <ipaddress of server>
>>> The Cisco command manual says to issue this;
>>> set ip pat port HT <server ip address> which allows 80 and 443. This 
>>> works and all is good.
>>> This doesn't work.
>>> set ip port pat HT <serveripaddress> OFF disabling HTTP & SSL
>>> set ip pat port 443 <serveripaddress> Which should turn on 443 and does 
>>> according to show ip pat.
>>> The server doesn't respond to any calls via ssl externally.
>>>
>>> Thanks for your help.
>>> Wayne
>>>
>>>
>>> "Stuart Mackie [MCP, MSP]" 
>>> <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote in message 
>>> news:%236wySySuEHA.2128@TK2MSFTNGP11.phx.gbl...
>>>> Hi Wk.  How are you configuring the router, via the web interface or 
>>>> the CLI (command line interface) ?
>>>>
>>>> -- 
>>>> Hth,
>>>> Stuart Mackie [MCP, MSP]
>>>> www.stu.uk.com
>>>>
>>>>
>>>> "WK" <wkent@netsandbytesdotcom> wrote in message 
>>>> news:%23jSkBKSuEHA.2804@TK2MSFTNGP14.phx.gbl...
>>>>> Hi,
>>>>> SBS2003 dual NICS & ISA2000 SP2 FP1. Opened SMTP, OWA, RDP & RWW.
>>>>> My client has a Cisco 760 aDSL router. I was able to program it, Cisco 
>>>>> newbie, to forward the common ports for SBS2003 and all is working 
>>>>> fine. My dilemma is that in order to forward 443 this router must 
>>>>> forward 80 which I don't like. I have read the manual for this router 
>>>>> but cannot find a solution. Does anyone have experience with this, all 
>>>>> suggestions gratefully received.
>>>>>
>>>>> WK
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> 
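
An audit of the port-handler table from the quoted post, as an added example that is not part of the original thread: it separates entries answered by the router itself, entries pointed at an unused address, and entries forwarded to a host but not on the list of ports meant to be published. The function names and the `intended` set are assumptions; the sample rows are the table as posted, with addresses still redacted.

```python
import re

# Constructed sample: the "Port handlers" table from the quoted post, with the
# quote markers removed and addresses left redacted as on the page.
SAMPLE = """\
Port     Handler         Service
-------------------------------------
25       xxx.xxx.xxx.xxx      SMTP
80       xxx.xxx.xxx.xxx      HTTP
443      xxx.xxx.xxx.xxx      SHTTP
444      xxx.xxx.xxx.xxx
3389     xxx.xxx.xxx.xxx
4125     xxx.xxx.xxx.xxx
161      non existent ip      SNMP
23       non existent ip      TELNET
67       Router          DHCP Server
68       Router          DHCP Client
69       Router          TFTP
162      Router          SNMP-TRAP
520      Router          RIP
"""

# port, then handler (may contain single spaces), then an optional service name
ROW = re.compile(r"^(\d+)\s{2,}(.+?)(?:\s{2,}(\S.*))?$")

def parse_handlers(text):
    """Return {port: (handler, service)} for each data row of the table."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and ruler lines do not start with a port number
            rows[int(m.group(1))] = (m.group(2), m.group(3) or "")
    return rows

def review(rows, intended):
    """Sort ports into the three cases discussed in the thread."""
    report = {"router_local": [], "sinkholed": [], "unintended_forward": []}
    for port, (handler, _service) in sorted(rows.items()):
        if handler.lower() == "router":
            report["router_local"].append(port)        # answered by the router itself
        elif handler.lower() == "non existent ip":
            report["sinkholed"].append(port)           # pointed at an unused address
        elif port not in intended:
            report["unintended_forward"].append(port)  # forwarded but not wanted
    return report

if __name__ == "__main__":
    wanted = {25, 443, 444, 3389, 4125}  # assumption: ports meant to be published
    for case, ports in review(parse_handlers(SAMPLE), wanted).items():
        print(f"{case}: {ports}")
```

The `router_local` ports are the ones to confirm are reachable from the internal network only.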

