
Cisco port forwarding question

loganx1121

New Around Here
Hello!

I have a Cisco 7206VXR running Version 12.4(12.2r)T. I have an Openfire XMPP server that needs to have port 5222 forwarded.

Server is 10.5.7.18. G0/1 is my WAN interface.

My current NAT ACL for overload looks like this:

Standard IP access list NAT
10 permit 10.5.5.0 0.0.0.255
20 permit 10.5.6.0 0.0.0.255
40 permit 10.5.7.0 0.0.0.255
50 permit 192.168.50.0 0.0.0.255

I tried ip nat inside source static tcp 10.5.7.18 5222 int g0/1 5222 - when I did this, it said port 5222 is being used by system. I assumed this was because I had first implemented a NAT overload so my subnets could get out to the internet. I got around this by shutting the outside interface, clearing translations, and then it took the static NAT statement.

However, it doesn't seem to be working. "Show ip nat translations" doesn't show anything for 10.5.7.18:5222 and the chat server is still offline. I removed the nat statements, the ACL, ip nat inside and outside commands, shut all the interfaces, rebooted the router, confirmed there was no NAT config present of any kind, re-applied the static, then the overload. Internet works, but still not seeing the port forward happening.

I'm pulling my hair out over this one. Any help would be much appreciated!
 

loganx1121

New Around Here
I'm now seeing this:

tcp x.x.x.x:5222 10.5.7.18:5222 --- ---

The outside global and outside local addresses aren't showing, apparently.
 

coxhaus

Part of the Furniture
tcp 73.61.88.20:5222 10.5.7.18:5222 --- --- sounds like you have IP:port to IP:port. Is 73.61.88.20:5222 not your outside IP? You have 4 class C networks with permits.

Try DSLreports/ Cisco forum. Those guys are good at Cisco IOS. It has been too long for me. When we ran 7206s they were running multiple T1s, no firewalls. The old PIX was our firewall.
 

loganx1121

New Around Here
Hey, thanks for responding! Yes, that is my outside IP. I've posted on the Cisco forum, and Spiceworks, and Reddit, and everywhere else I can think of. So far you and 2 others are the only ones who have offered any advice, so thank you!
 

loganx1121

New Around Here
I managed to fix this. The overload 10.5.7.0 0.0.0.255 in the ACL was conflicting. I adjusted the ACL to include the other servers on that subnet, but did not include the one I needed port forwarded. Then I did the static NAT with the port forward and all seems to work.
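
A check for the overlap described in the last post, as an added example that is not part of the thread: it flags any static port forward whose inside host is also permitted by the overload ACL. It assumes the input holds only that one standard ACL plus the static NAT lines; the sample config is constructed from the addresses in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the thread: overload ACL plus the static port forward.
SAMPLE_CONFIG = """\
ip access-list standard NAT
 permit 10.5.5.0 0.0.0.255
 permit 10.5.6.0 0.0.0.255
 permit 10.5.7.0 0.0.0.255
 permit 192.168.50.0 0.0.0.255
ip nat inside source static tcp 10.5.7.18 5222 interface GigabitEthernet0/1 5222
"""

# Standard ACL entry, with or without a leading sequence number ("40 permit ...").
ACE_RE = re.compile(r"^\s*(?:\d+\s+)?(permit|deny)\s+(?:host\s+)?(\S+)(?:\s+(\d+\.\d+\.\d+\.\d+))?")
STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) ")

def parse_aces(text):
    """Return [(action, address_int, wildcard_int)] in order of appearance."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            action, addr, wildcard = m.groups()
            if addr == "any":
                addr, wildcard = "0.0.0.0", "255.255.255.255"
            aces.append((action, int(ipaddress.IPv4Address(addr)),
                         int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))))
    return aces

def acl_action(aces, host):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    ip = int(ipaddress.IPv4Address(host))
    for action, addr, wildcard in aces:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if ip & care == addr & care:
            return action
    return "deny"

def overlapping_forwards(text):
    """Static port forwards whose inside host is also permitted by the overload ACL."""
    aces = parse_aces(text)
    hits = []
    for line in text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m and acl_action(aces, m.group(2)) == "permit":
            hits.append((m.group(2), int(m.group(3)), m.group(1)))
    return hits
```

Each static entry the parser finds is also an inbound exposure on the WAN interface, so the same parsing can feed an inventory of forwarded ports to review.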
 
