Google Answers: router

View Question

Q: router ( No Answer, 1 Comment )

Question

Subject: router
Category: Miscellaneous
Asked by: ramond-ga
List Price: $2.00

Posted: 31 Mar 2004 06:21 PST
Expires: 30 Apr 2004 07:21 PDT
Question ID: 322937

how do I open/close a port on a cisco 2600 router?

Answer

There is no answer at this time.

Comments

Subject: Re: router
From: alkali-ga on 03 Apr 2004 12:05 PST

Ramond,

The information you provide is not really sufficient to answer the question.

The Cisco 2600 is a series of flexible and powerful routers with many
configuration options. Perhaps you can explain exactly what you wish
to do. In addition, it would be helpful to have the following
information:

- What is the IOS (operating system) version on the router
- What is the hardware configuration of the router, plus the exact model number
- What is the existing application (eg. routing, bridging, VPN, etcetera)

Without that information, it is impossible to know whether you are
talking about opening a remote management port or opening a port for
access through a firewall or some other port.

Reading between the lines, however, I am guessing that you are running
the IOS firewall and you wish to permit incoming TCP traffic from the
Internet to a particular host on your LAN. This is accomplished with
access lists.

The configuration depends upon whether you are using NAT. If not, use
a line such as:

access-list 101 permit tcp 0.0.0.0 255.255.255.255 aaa.bbb.ccc.ddd 0.0.0.0 eq xx

Replace aaa.bbb.ccc.ddd with the IP address of the host on your lan to
which you wish to allow traffic, and replace xx with the port number
to which the traffic is addressed, for example 80 for HTTP.

Make sure you activate the access list with a line such as:

ip access 101 in

on the interface to which you wish the list to apply.

If you are using NAT, the process is more complicated. You have to use
a line such as:

ip nat inside source static tcp aaa.bbb.ccc.ddd xx www.xxx.yyy.zzz yy extendable

This is called static NAT or PAT (Port Address Translation). Replace
the aaa.bbb.ccc.ddd with the address of the machine on your LAN and
www.xxx.yyy.zzz with your outside IP address. xx is the port your
server serves on, and yy is the original destination port.

You must remember to enable NAT for each relevant interface with the
statement "ip nat inside" or "ip nat outside".

There is much more to be done depending upon your exact configuration,
but that should get you started.

Alan Kali

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy