Re: Cisco 760
From: WK (wkent_at_netsandbytesdotcom)
Date: 10/24/04
- In reply to: Stuart Mackie [MCP, MSP]: "Re: Cisco 760"
Date: Sun, 24 Oct 2004 10:46:17 -0800
Hi Stuart,
Thanks for your help.
Do you have a support contract for the 760 to allow you to download software
updates ? I will have to check with my client, I am thinking that No is the
probable answer.
I inserted xxx in place of vital information so, yes, it says Router in the
config file for ports 67, 68, 69, 162 & 520.
The router is configured with a static external ip address.
I don't know if logging is enabled on the router, there is no syslog server
running on the LAN. I can find out how to set up logging.
I will try forwarding port 80 to an unused address and see if that works.
I don't have local access at this time, as soon as I do I will try your
suggestions.
Below is the Command Reference from Cisco website. As you can see 80, 443
are grouped together under HTtp.
set ip pat porthandler

To set up the PAT port handler for a decimal port number, use the set ip pat porthandler command.

    SEt IP PAt POrthandler DEfault | TElnet | FTp | SMtp | WIns | HTtp | port_number ip address | Off

Syntax Description

    default      The IP addresses specified are the default handlers for all ports, except ports specifically assigned a handler. Use the show ip pat command to show the current assignments.
    telnet       Telnet protocol port 23.
    ftp          File Transport Protocol (FTP) protocol port 21.
    smtp         Simple Mail Transfer Protocol (SMTP) protocol port 25.
    wins         NetBIOS session service port 139.
    http         World Wide Web - HTTP and secure HTTP port 80,443.
    port_number  The TCP/UDP port numbers in decimal.
    ip address   Local unregistered IP address.

"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
wrote in message news:u$aoaPcuEHA.2116@TK2MSFTNGP14.phx.gbl...
> Hi. Do you have a support contract for the 760 to allow you to download
> software updates ? From the information you posted, you are running
> version 4.2.3. I've checked online and the current version is
> 4.4.7. I will try and get the release notes for the newer versions to see
> what fixes are listed in case this is related to your problem.
>
> On the ports you are unsure about below, where it says Router, does it
> actually say 'Router' in the config file, or have you replaced an IP
> address with the word Router ?
>
>> 67 Router DHCP Server
>> 68 Router DHCP Client
>> 69 Router TFTP
>> 162 Router SNMP-TRAP
>> 520 Router RIP
>
> I can see why a few of these may be open, but not all of them. TFTP for
> example will likely be open to allow you to transfer files to and from the
> router such as firmware. But these ports should not be open to the
> external network. At most they should be internal access only for
> security unless you have a need to use it externally.
>
> Is the router configured to use a fixed IP etc or does it receive its
> network details from the ISP using DHCP ?
>
> I can't think why the router requires Port 80 to allow Port 443 other than
> a possible bug or oversight in earlier firmware. Do you have logging
> enabled on the router to allow you to monitor what is happening e.g.
> syslog server ? If you have logging enabled when you disable HTTP port
> forwarding and only enable forwarding of SSL using SET IP PAT PORTHANDLER
> 443 [server IP], what logs are generated when you try and access a web
> page via SSL ?
>
> As a test you could also try forwarding port 80 and port 443, configure
> port 443 to be forwarded to your valid server IP, but configure the port
> 80 forward to an invalid unused IP. This wouldn't be a suitable long term
> solution, but may help in working out why both are required.
>
> --
> Hth,
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>
> "WK" <wkent@netsandbytesdotcom> wrote in message
> news:uov1xQZuEHA.444@TK2MSFTNGP10.phx.gbl...
>> Hi Stuart,
>> Thanks for the help. Current Configuration
>> --------------------------------------------------------------------------------
>> Software Version c760-i.b.US 4.2(3) - Aug 21 1998 17:05:19
>> Cisco 762
>> ISDN Stack Revision US 2.10 (5ESS/DMS/NI-1)
>> Hardware Configuration:
>> DRAM: 1.5MB
>> Flash: 1.0MB
>> POTS: Not Installed
>> NT1: Installed
>> ROM: 2.1(2)
>> --------------------------------------------------------------------------------
>> Profile   Routing  Frame  IP Address       Netmask        RIP  TX   RX  Prop  Cost
>>
>> LAN       ON       ETH2   xxx.xxx.xxx.xxx  255.255.255.0  V1   OFF  V1  ON    1
>> Standard  ON       IPCP   xxx.xxx.xxx.xxx  255.255.255.0  V1   OFF  V1  ON    1  (Static from ISP)
>> -------------------------------------------------------------------------------
>> Profile PAT Multicast Summarization Netbios Spoofing/Left(min)
>>
>> LAN OFF OFF OFF OFF /0
>> Standard ON OFF OFF OFF /0
>> --------------------------------------------------------------------------------
>> Port handlers [no default]:
>> Port Handler Service
>> -------------------------------------
>> 25 xxx.xxx.xxx.xxx SMTP
>> 80 xxx.xxx.xxx.xxx HTTP
>> 443 xxx.xxx.xxx.xxx SHTTP
>> 444 xxx.xxx.xxx.xxx
>> 3389 xxx.xxx.xxx.xxx
>> 4125 xxx.xxx.xxx.xxx
>> 161 non existent ip SNMP
>> 23 non existent ip TELNET
>> 67 Router DHCP Server
>> 68 Router DHCP Client
>> 69 Router TFTP
>> 162 Router SNMP-TRAP
>> 520 Router RIP
>> --------------------------------------------------------------------------------
>> This configuration is working and we can access everything that we need.
>> Port 161 and 23 are going to a non existent ip address. I didn't know
>> what else to do. Can I set ip pat port 161 & 23 OFF? I have no idea what
>> the 67, 68, 69, 162 & 520 ports are there for and as it is working I
>> didn't want to break it.
>> If I set ip pat port 80 OFF there is no communication at all. I am
>> thinking that this router actually needs port 80 open to initialize the
>> traffic on port 443.
>> The router has been rebooted after any configuration change and retains
>> the settings that are made.
>> Once again thanks for your input.
>>
>> "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
>> wrote in message news:Oq1UtcVuEHA.3476@TK2MSFTNGP14.phx.gbl...
>>> Hi Wayne. I haven't had any specific experience with 760s, after
>>> thinking about it I don't think they have a web interface. I don't
>>> believe the 760s use IOS so this could be a bit of an adventure :)
>>>
>>> Can you post a copy of your current configuration with security details
>>> removed (i.e. usernames, passwords and IP addresses) ?
>>>
>>> Can you post your firmware version number ?
>>>
>>> Have you reset the router after making the configuration changes ?
>>>
>>> So just to check, you've enabled PAT using "SET IP PAT ON" then tried
>>> using "SET IP PAT PORTHANDLER 443 xxx.xxx.xxx.xxx". The configuration
>>> then shows these commands have been accepted but no data on 443 reaches
>>> the server ?
>>>
>>>
>>> --
>>> Hth,
>>> Stuart Mackie [MCP, MSP]
>>> www.stu.uk.com
>>>
>>>
>>> "WK" <wkent@netsandbytesdotcom> wrote in message
>>> news:u%23BY28SuEHA.2828@TK2MSFTNGP12.phx.gbl...
>>>> Hi Stuart,
>>>> I am using telnet from the LAN, can also use HyperTerminal via the
>>>> console cable. I was not aware of a web interface. Cisco newbie :(
>>>> I am using the commands
>>>> show ip pat
>>>> set ip pat port <port number> <ipaddress of server>
>>>> The Cisco command manual says to issue this;
>>>> set ip pat port HT <server ip address> which allows 80 and 443. This
>>>> works and all is good.
>>>> This doesn't work.
>>>> set ip port pat HT <serveripaddress> OFF disabling HTTP & SSL
>>>> set ip pat port 443 <serveripaddress> Which should turn on 443 and does
>>>> according to show ip pat.
>>>> The server doesn't respond to any calls via ssl externally.
>>>>
>>>> Thanks for your help.
>>>> Wayne
>>>>
>>>>
>>>> "Stuart Mackie [MCP, MSP]"
>>>> <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote in message
>>>> news:%236wySySuEHA.2128@TK2MSFTNGP11.phx.gbl...
>>>>> Hi Wk. How are you configuring the router, via the web interface or
>>>>> the CLI (command line interface) ?
>>>>>
>>>>> --
>>>>> Hth,
>>>>> Stuart Mackie [MCP, MSP]
>>>>> www.stu.uk.com
>>>>>
>>>>>
>>>>> "WK" <wkent@netsandbytesdotcom> wrote in message
>>>>> news:%23jSkBKSuEHA.2804@TK2MSFTNGP14.phx.gbl...
>>>>>> Hi,
>>>>>> SBS2003 dual NICS & ISA2000 SP2 FP1. Opened SMTP, OWA, RDP & RWW.
>>>>>> My client has a Cisco 760 aDSL router. I was able to program it,
>>>>>> Cisco newbie, to forward the common ports for SBS2003 and all is
>>>>>> working fine. My dilemma is that in order to forward 443 this router
>>>>>> must forward 80 which I don't like. I have read the manual for this
>>>>>> router but cannot find a solution. Does anyone have experience with
>>>>>> this, all suggestions gratefully received.
>>>>>>
>>>>>> WK
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
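Added example, not part of any post in this thread: a short Python audit of a port-handler table like the one shown by show ip pat above. It flags ports handled by the router itself, ports sent to an unused address, and forwards that are not on the wanted list. The sample table, the two 192.168.16.x addresses and the wanted-port set are constructed assumptions.

```python
import re

# Constructed sample shaped like the "Port handlers" table in the thread;
# 192.168.16.2 (server) and 192.168.16.250 (unused) are placeholder addresses.
SAMPLE = """\
Port handlers [no default]:
Port   Handler          Service
-------------------------------------
25     192.168.16.2     SMTP
80     192.168.16.2     HTTP
443    192.168.16.2     SHTTP
444    192.168.16.2
3389   192.168.16.2
4125   192.168.16.2
161    192.168.16.250   SNMP
23     192.168.16.250   TELNET
67     Router           DHCP Server
68     Router           DHCP Client
69     Router           TFTP
162    Router           SNMP-TRAP
520    Router           RIP
"""

# A row is: port number, then "Router" or a dotted-quad handler, then an optional service name.
ROW = re.compile(r"^\s*(\d+)\s+(Router|\d{1,3}(?:\.\d{1,3}){3})\s*(.*)$")

def parse_port_handlers(text):
    """Return (port, handler, service) tuples from the port-handler rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return rows

def audit(rows, live_hosts, wanted_ports):
    """Flag handlers worth reviewing; live_hosts and wanted_ports are the admin's own lists."""
    findings = []
    for port, handler, service in rows:
        if handler == "Router":
            findings.append((port, "handled-by-router", service))
        elif handler not in live_hosts:
            findings.append((port, "sent-to-unused-address", service))
        elif port not in wanted_ports:
            findings.append((port, "forwarded-but-not-wanted", service))
    return findings

if __name__ == "__main__":
    rows = parse_port_handlers(SAMPLE)
    for f in audit(rows, {"192.168.16.2"}, {25, 443, 444, 3389, 4125}):
        print("%5d  %-26s %s" % f)
```

With the wanted list set to SMTP, 443, 444, RDP and 4125, the only live forward flagged is port 80, which is the forward the original poster wanted to remove.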