TOPIC: Help Opening a Port on a Cisco Router

Help Opening a Port on a Cisco Router 8 years 9 months ago #25259

  • tanger
Dear All,

This is probably a very simple question to answer for those of you with the knowledge but currently I am awaiting Cisco training and I need to open a port on two Cisco 800 series routers.

Basically, I have a timeclock device that will communicate with a server on another site on port 5005.

So I need to open up port 5005 on both ends (on each router), both routers are the same Cisco 800 series (837 from memory) and only have the telnet console. So I'm assuming it'll be the same command twice (once on each router).

I have been searching through the posts here and on the Cisco website but really it all looks like a foreign language. I'm sure once I have a bit of training all will become clear.

I would greatly appreciate any help anyone can give me - point me to a website, forum post I missed or if you have the time the line of coding required.

Thanks in advance,

Tanger

Re: Help Opening a Port on a Cisco Router 8 years 9 months ago #25264

  • Chojin
If you want to allow your router to permit port 5005 then you don't have to do anything unless you have access lists configured.

Routers without access lists basically 'route' traffic (that is, of course, if you have your routing working).
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: Help Opening a Port on a Cisco Router 8 years 9 months ago #25271

  • tanger
Yes I have configured access-lists, not by me (to be honest I don't know how) but by consultants who set the system up before I joined the company.

Are the commands to configure the access-list similar to what I see when I do a show access-lists command?

for example

I see

permit tcp any host (router ip) eq www (assume this is port 80)

Can I do the following command to add port 5005 to the access-list?

permit tcp any host (router ip) eq 5005 (5005 for the port I want open)

Re: Help Opening a Port on a Cisco Router 8 years 9 months ago #25273

  • Elohim
Actually... let's assume it's using the TCP protocol:

access-list 100 permit tcp host 192.168.1.1 host 192.168.2.2 eq 5005
access-list 100 permit tcp host 192.168.1.1 host 192.168.2.2 eq 23

This creates an access-list 100 which permits host 192.168.1.1 to send traffic to 192.168.2.2 on TCP port 5005. The second line opens up the telnet port.

Now, the last thing to do is apply the access-list to an interface.


There is an implicit deny all at the end of every ACL... unless the traffic is explicitly defined, it won't pass through the acl.



Re: Help Opening a Port on a Cisco Router 8 years 9 months ago #25279

  • Chojin
You should add the rules to your current Access-list as you said.

Depending on your IOS you can add rules between your current rules.

With the newer versions you have access lists like :

Extended IP access list 101
10 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq 23
20 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq 23
30 permit tcp 10.0.0.0 0.255.255.255 host xxx.xxx.xxx.xxx eq 80
etc

Now you add the rules simply by using :

>enable
>conf t
>ip access-list extended 101
>15 permit tcp host 192.168.1.200 host 192.168.2.200 eq 5005

Hope this will help.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: Help Opening a Port on a Cisco Router 8 years 9 months ago #25291

  • tanger
Thank you very very much Chojin and Elohim for all your help, this has helped me add the necessary port permissions and it seems the device is talking to the server.

I have a couple questions on a side note.

Do the access list lines enable two way communication? For your example Elohim of

access-list 100 permit tcp host 192.168.1.1 host 192.168.2.2 eq 5005

Do I need to do two lines to enable two way communication (incoming traffic and outgoing traffic)? In the case of the above example put the following two lines in the access list.

access-list 100 permit tcp host 192.168.1.1 host 192.168.2.2 eq 5005
access-list 100 permit tcp host 192.168.2.2 host 192.168.1.1 eq 5005

The other question I have was in regards to the names of the access lists themselves and regarding the order. I understand the firewall rule principle (am versed in Win ISA) but the Cisco coding was the stumbling block for me. If I currently have an access list 150 and for some reason I wanted to create another: firstly, can I do that (have multiple access lists), and secondly, if I can and I created an access list 100, since the number 100 is lower than 150, would its rules take effect first?

Much appreciated,

tanger
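
Added example, not part of any post in this thread: a small Python model of how an extended ACL is evaluated, covering the implicit deny Elohim describes, the sequence-numbered insert Chojin shows, and what an entry written with "eq 5005" matches in each direction. The deny entry at sequence 20 and the client source port 40000 are constructed for illustration, and the model only handles host/prefix matches and "eq" ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Entry:
    seq: int
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", or "ip" for any protocol
    src: str                      # CIDR; a single host is /32
    dst: str
    sport: Optional[int] = None   # "eq N" written after the source address
    dport: Optional[int] = None   # "eq N" written after the destination address

    def matches(self, p):
        return (self.proto in ("ip", p["proto"])
                and ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.sport in (None, p["sport"])
                and self.dport in (None, p["dport"]))

class Acl:
    def __init__(self, *entries):
        # The sequence number, not the order of typing, sets the position.
        self.entries = sorted(entries, key=lambda e: e.seq)

    def evaluate(self, p):
        for e in self.entries:            # top-down, first match wins
            if e.matches(p):
                return e.action, e.seq
        return "deny", None               # implicit deny at the end of every ACL

# Constructed packets: timeclock 192.168.1.200 talks to server 192.168.2.200 on TCP 5005.
REQUEST = dict(proto="tcp", src="192.168.1.200", sport=40000, dst="192.168.2.200", dport=5005)
REPLY = dict(proto="tcp", src="192.168.2.200", sport=5005, dst="192.168.1.200", dport=40000)

def forward_acl(seq):
    """Constructed list with a broad deny at 20; the 5005 permit is placed at `seq`."""
    return Acl(
        Entry(10, "permit", "tcp", "192.168.1.1/32", "192.168.2.2/32", dport=23),
        Entry(20, "deny", "ip", "192.168.1.0/24", "192.168.2.0/24"),
        Entry(seq, "permit", "tcp", "192.168.1.200/32", "192.168.2.200/32", dport=5005))

def reverse_acl(match_source_port):
    """A list filtering the server-to-timeclock direction, with one permit entry."""
    port = dict(sport=5005) if match_source_port else dict(dport=5005)
    return Acl(Entry(10, "permit", "tcp", "192.168.2.200/32", "192.168.1.200/32", **port))

if __name__ == "__main__":
    for acl, pkt in ((forward_acl(15), REQUEST), (forward_acl(30), REQUEST),
                     (reverse_acl(False), REPLY), (reverse_acl(True), REPLY)):
        print(acl.evaluate(pkt))
```

In this model the permit placed at sequence 15 is reached before the deny at 20, while the same permit at 30 never is; the server's reply carries 5005 as its source port, so on a list that filters the return direction an entry with "eq 5005" after the destination does not match it.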