Cisco port forwarding question

Discussion in 'Routers' started by loganx1121, Sep 23, 2019.

  1. loganx1121

    loganx1121 New Around Here

    Joined:
    Sep 15, 2019
    Messages:
    7
    Hello!

    I have a Cisco 7206VXR running Version 12.4(12.2r)T. I have an openfire XMPP server that needs to have port 5222 forwarded.

    Server is 10.5.7.18. G0/1 is my WAN interface

    My current NAT ACL for overload looks like this:

    Standard IP access list NAT
    10 permit 10.5.5.0 0.0.0.255
    20 permit 10.5.6.0 0.0.0.255
    40 permit 10.5.7.0 0.0.0.255
    50 permit 192.168.50.0 0.0.0.255

    I tried ip nat inside source static tcp 10.5.7.18 5222 int g0/1 5222 - when I did this, it said port 5222 is being used by system. I assumed this was because I had first implemented a NAT overload so my subnets could get out to the internet. I got around this by shutting the outside interface, clearing translations, and then it took the static NAT statement.

    However, it doesn't seem to be working. "Show ip nat translations" doesn't show anything for 10.5.7.18:5222 and the chat server is still offline. I removed the nat statements, the ACL, ip nat inside and outside commands, shut all the interfaces, rebooted the router, confirmed there was no NAT config present of any kind, re-applied the static, then the overload. Internet works, but still not seeing the port forward happening.

    I'm pulling my hair out over this one. Any help would be much appreciated!
     
  2. loganx1121

    I've updated the router version to Version 15.0(1)M3. No change as of yet.
     
  3. loganx1121

    I'm now seeing this

    tcp x.x.x.x:5222 10.5.7.18:5222 --- ---

    The outside global and outside local addresses aren't showing apparently
     
    Last edited: Sep 23, 2019
  4. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,334
    Location:
    texas
    tcp 73.61.88.20:5222 10.5.7.18:5222 --- --- sounds like you have IP:port to IP:port. Is 73.61.88.20:5222 not your outside IP? You have 4 class C networks with permits.

    Try DSLreports/ Cisco forum. Those guys are good at Cisco IOS. It has been too long for me. When we ran 7206s they were running multiple T1s, no firewalls. The old PIX was our firewall.
     
  5. loganx1121

    Hey, thanks for responding! Yes, that is my outside IP. I've posted on the Cisco forum, and Spiceworks, and Reddit, and everywhere else I can think of. So far you and 2 others are the only ones who have offered any advice, so thank you!
     
  6. coxhaus

    Any chance you need udp?
     
  7. loganx1121

    Nope, the documentation says TCP for the openfire server.
     
  8. loganx1121

    I managed to fix this. The overload 10.5.7.0 0.0.0.255 in the ACL was conflicting. I adjusted the ACL to include the other servers on that subnet, but did not include the one I needed port forwarded. Then I did the static NAT with the port forward and all seems to work.
     
    L&LD likes this.
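
The fix reported in the last post was to keep the overload ACL from matching the host that has the static port forward. The following is an added example, not part of any post in this thread, that checks a config for that overlap by applying standard-ACL wildcard matching to each static forward's inside host. The sample config is constructed from the addresses in the thread; the running-config form of the ACL and the overload line are assumptions.

```python
import ipaddress
import re

# Constructed sample: thread addresses; ACL header and overload line are assumed.
SAMPLE_CONFIG = """\
ip access-list standard NAT
 10 permit 10.5.5.0 0.0.0.255
 20 permit 10.5.6.0 0.0.0.255
 40 permit 10.5.7.0 0.0.0.255
 50 permit 192.168.50.0 0.0.0.255
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.5.7.18 5222 interface GigabitEthernet0/1 5222
"""

ACL_ENTRY = re.compile(r"^\s+(?:\d+\s+)?(permit|deny)\s+(.+?)\s*$")
STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) ")

def parse_entry(line):
    """Return (action, base, wildcard) with addresses as ints, or None."""
    m = ACL_ENTRY.match(line)
    if not m:
        return None
    spec = m.group(2).split()
    if spec[0] == "any":
        return m.group(1), 0, 0xFFFFFFFF
    if spec[0] == "host":
        spec = spec[1:]
    wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
    return m.group(1), int(ipaddress.IPv4Address(spec[0])), wild

def acl_verdict(entries, host):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    h = int(ipaddress.IPv4Address(host))
    for action, base, wild in entries:
        if ((h ^ base) & ~wild & 0xFFFFFFFF) == 0:  # wildcard bits are ignored
            return action
    return "deny"

def overload_conflicts(config, acl_name="NAT"):
    """List static forwards whose inside host the overload ACL also permits."""
    entries, statics, in_acl = [], [], False
    for line in config.splitlines():
        if line.startswith("ip access-list "):
            in_acl = line.split()[2:] == ["standard", acl_name]
        elif (m := STATIC.match(line)):
            statics.append(m.groups())
        elif in_acl and (entry := parse_entry(line)):
            entries.append(entry)
    return [s for s in statics if acl_verdict(entries, s[1]) == "permit"]
```

Calling `overload_conflicts(SAMPLE_CONFIG)` reports the 10.5.7.18 forward, because entry 40 covers the whole 10.5.7.0/24 range; an ACL that lists only the other hosts on that subnet returns an empty list.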