12-27-2022 02:16 PM
I have a Cisco 3925 Router.
I want to "redirect" Port 80/443 to a different port... I am hoping you may let me know if this is right.
ip nat inside source static tcp xxxx.xxxx.x.x 80 interface GigabitEthernet0/0 30080
ip nat inside source static tcp xxxx.xxxx.x.x 443 interface GigabitEthernet0/0 30443
access-list 101 permit tcp any any eq 30080 log
access-list 101 permit tcp any any eq 30443 log
Also, do I always need to specify an ACL when opening ports?
Thanks.....
12-27-2022 03:45 PM
12-27-2022 03:52 PM - edited 12-27-2022 03:53 PM
access-list 1 remark --- GigabitEthernet0/2 MY LAN-(LAN) ---
access-list 100 remark --- GigabitEthernet0/2 MY LAN ---
access-list 101 remark --- GigabitEthernet0/0 SPECTRUM-(WAN)(DHCP-bootps/bootpc) ---
You ONLY need what you mention in your original post; this ACL needs to pass the ACL you apply to the WAN interface.
access-list 101 permit tcp any any eq 30080 log
access-list 101 permit tcp any any eq 30443 log
No need for any other change. Your config is perfect.
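Added example, not part of the thread or any poster's configuration: a small audit that cross-checks each static TCP forward against the numbered ACL applied on the WAN interface, using first-match order and the implicit deny. The function names and the sample config (including the 192.0.2.10 address and the port 22 forward) are constructed for illustration, and only `any any` ACL entries are evaluated.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.0.2.10 80 interface GigabitEthernet0/0 30080
ip nat inside source static tcp 192.0.2.10 443 interface GigabitEthernet0/0 30443
ip nat inside source static tcp 192.0.2.10 22 interface GigabitEthernet0/0 30022
access-list 101 permit tcp any any eq 30080 log
access-list 101 deny tcp any any eq 30443
access-list 101 permit tcp any any eq 30443 log
"""

NAT_RE = re.compile(
    r"^ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)$")
ACL_RE = re.compile(
    r"^access-list (\d+) (permit|deny) (tcp|ip) any any(?: eq (\d+))?(?: log)?$")

def static_forwards(config):
    """Return (local_ip, local_port, interface, global_port) per static TCP forward."""
    out = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            out.append((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return out

def acl_decision(config, acl, port):
    """First-match verdict of a numbered ACL for TCP to `port` from any source.
    Only 'any any' entries are considered; no match means the implicit deny."""
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == str(acl):
            if m.group(4) is None or int(m.group(4)) == port:
                return m.group(2)
    return "deny"

def audit(config, wan_acl):
    """Map each forwarded global (outside) port to the WAN ACL verdict."""
    return {gport: acl_decision(config, wan_acl, gport)
            for _, _, _, gport in static_forwards(config)}

if __name__ == "__main__":
    for port, verdict in audit(SAMPLE_CONFIG, 101).items():
        print(port, verdict)
```

In the constructed sample, 30443 is reported as denied because an earlier deny entry shadows the later permit, and 30022 is denied because no entry permits it.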
12-28-2022 01:31 AM
Hello,
Is this configuration actually working, that is, do you have external connectivity? You have both 'ip nat inside/outside' and 'ip nat enable' configured on your interfaces. Also, the access list you are using for NAT overload (101) has a lot of 'log' statements, which (used to) cause these packets to be process-switched and break your NAT.
12-28-2022 11:49 AM
First, thanks for your notes:
I think he uses 1, not 101, in his NAT overload.
And for ip nat inside/outside and ip nat enable, I ran a lab to see if it affects the NAT overload or not, and it does not affect the NAT.
Hope this makes clear to you the point of ip nat inside/outside and enable.
12-27-2022 03:26 PM
To be 100% sure that my suggestion is right, please share all of the config, not part of it.