
ACL question...

I have a Cisco 3925 Router..

I want to "redirect" Port 80/443 to a different port ...I am hoping you may let me know if this is right..

ip nat inside source static tcp xxxx.xxxx.x.x 80 interface GigabitEthernet0/0 30080
ip nat inside source static tcp xxxx.xxxx.x.x 443 interface GigabitEthernet0/0 30443

access-list 101 permit tcp any any eq 30080 log
access-list 101 permit tcp any any eq 30443 log

Also, do I always need to specify an ACL when opening ports?

Thanks.....


This is the config I have been running through the Cisco router. MY CURRENT ROUTER: Cisco 3925 Router

I am grateful for your help as I am still READING AND LEARNING...

access-list 1 remark --- GigabitEthernet0/2 MY LAN-(LAN) ---

access-list 100 remark --- GigabitEthernet0/2 MY LAN ---

access-list 101 remark --- GigabitEthernet0/0 SPECTRUM-(WAN)(DHCP-bootps/bootpc) ---

 

You ONLY need what you mentioned in your original post; this ACL needs to pass the ACL you apply to the WAN interface.

access-list 101 permit tcp any any eq 30080 log
access-list 101 permit tcp any any eq 30443 log

No need for any other change. Your config is perfect.

Hello,

Is this configuration actually working, that is, do you have external connectivity? You have both 'ip nat inside/outside' and 'ip nat enable' configured on your interfaces. Also, the access list you are using for NAT overload (101) has a lot of 'log' statements, which (used to) cause these packets to be process-switched and break your NAT.

First, thanks for your notes:
I think he uses 1, not 101, in his NAT overload.
As for ip nat inside/outside and ip nat enable, I ran a lab to see if it affects the NAT overload or not, and it does not affect the NAT.
Hope this makes clear to you the point of ip nat inside/outside and enable.

To be 100% sure that my suggestion is right, please share all config, not part of it.
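
Added example, not part of any reply in this thread: a small Python check of the point discussed above, that each static NAT forward needs a permit in the WAN ACL for its outside (global) port. It assumes the classic IOS order of operations, where the inbound ACL on the outside interface is evaluated before NAT translates the packet, so the ACL has to match 30080/30443 rather than 80/443; `192.0.2.10` is a constructed stand-in for the redacted inside address, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: the thread's lines, with 192.0.2.10 standing in for the
# redacted inside address (an assumption, not a value from the thread).
CONFIG = """\
ip nat inside source static tcp 192.0.2.10 80 interface GigabitEthernet0/0 30080
ip nat inside source static tcp 192.0.2.10 443 interface GigabitEthernet0/0 30443
access-list 101 permit tcp any any eq 30080 log
access-list 101 permit tcp any any eq 30443 log
"""

NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
# Only the simple "any any eq <port>" entry form used in the thread is parsed.
ACL_RE = re.compile(
    r"^access-list (\d+) (permit|deny) (tcp|udp) any any eq (\d+)( log)?$")


def parse(config):
    """Return (forwards, acl_entries); ACL entries keep their config order."""
    forwards, entries = [], []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            proto, _inside, local, _ifname, glob = m.groups()
            forwards.append((proto, int(local), int(glob)))
        elif m := ACL_RE.match(line):
            num, action, proto, port, log = m.groups()
            entries.append((int(num), action, proto, int(port), log is not None))
    return forwards, entries


def audit(config, acl_number):
    """Per forward: (global_port, local_port, verdict, logged).

    The verdict comes from the first ACL entry matching the global port,
    because the WAN ACL sees the packet before NAT rewrites the port.
    """
    forwards, entries = parse(config)
    report = []
    for proto, local, glob in forwards:
        hit = next((e for e in entries
                    if e[0] == acl_number and e[2] == proto and e[3] == glob), None)
        verdict = hit[1] if hit else "no match"
        report.append((glob, local, verdict, bool(hit and hit[4])))
    return report


if __name__ == "__main__":
    for row in audit(CONFIG, 101):
        print(row)
```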