03-04-2010 08:03 AM - last edited on 02-21-2020 11:20 PM by cc_security_adm
Need to know what the specific command is for NATing an IP to another IP via a port number. Here is an example of what I think it should be, but I can't find the correct verbiage.
This is what I have listed, which opens it up to any IP.
access-list 101 extended permit tcp any host 68.156.91.20 eq 23032
Here is what I would like to see, but I know the verbiage is wrong or I am missing something more.
access-list 101 extended permit ip 74.165.236.76 255.255.255.248 68.156.91.20 255.255.255.224 eq 23032
Please assist?
03-04-2010 09:25 AM
Oh so close!
access-list 101 extended permit tcp 74.165.236.76 255.255.255.248 68.156.91.20 255.255.255.224 eq 23032
This is just the ACL though and you mentioned NAT. Will you be NATing from one port to another?
03-04-2010 09:50 AM
Yeah, tried that one, but it didn't work. Its message:
ERROR: IP address,mask <74.165.236.76,255.255.255.248> doesn't pair
Probably something wrong with the IP's mask?
03-04-2010 11:39 AM
Yes there is. You need to specify the subnet and not a host in it.
access-list 101 extended permit tcp 74.165.236.72 255.255.255.248 68.156.91.0 255.255.255.224 eq 23032
You can specify just a host too.
03-04-2010 01:20 PM
It worked in placing that information in there now. I just need to be sure the agency can access it. I have another one as well, trying to determine its subnet host.
You have a useful tool on getting that information faster?
03-04-2010 01:35 PM
You bet. Here's a link to a free subnet calculator.
http://www.solarwinds.com/products/freetools/free_subnet_calculator.aspx
03-05-2010 07:21 AM
One more question Collin, specifying the subnet was easy. Now locking it down to a specific IP, is that impossible? Does the command look something like this?
access-list 101 extended permit tcp 74.165.236.76 255.255.255.255 68.156.91.20 255.255.255.255 eq 23032
Will this work? Overall this is where I am trying to get to.
03-05-2010 08:04 AM
That is exactly right. Note that when you look at the config it will replace it with this line-
access-list 101 extended permit tcp host 74.165.236.76 host 68.156.91.20 eq 23032
When you write the ACL you can either enter 255.255.255.255 or precede the IP with the keyword host.
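The address/mask pairing this thread works through, as an added example that is not part of the original posts: a Python helper (all function names are hypothetical) that clears the host bits to get the network address the ACL accepts, and emits the `host` form when the mask is 255.255.255.255. It assumes ASA-style netmasks, not wildcard masks.

```python
"""Added example: check ASA ACL address/mask pairs and normalise them."""
import ipaddress

def network_for(address: str, mask: str) -> ipaddress.IPv4Network:
    """Network containing `address` under netmask `mask` (host bits cleared)."""
    mask_int = int(ipaddress.IPv4Address(mask))
    inverted = mask_int ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # the ones in a netmask must be contiguous
        raise ValueError(f"{mask} is not a valid netmask")
    base = int(ipaddress.IPv4Address(address)) & mask_int
    return ipaddress.IPv4Network((base, 32 - inverted.bit_length()))

def pairs(address: str, mask: str) -> bool:
    """True when `address` has no host bits set under `mask`."""
    return network_for(address, mask).network_address == ipaddress.IPv4Address(address)

def operand(address: str, mask: str) -> str:
    """Address operand as it should be typed into the ACL entry."""
    net = network_for(address, mask)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"

def permit_tcp(acl_id, src, src_mask, dst, dst_mask, port) -> str:
    """Build an extended ACL entry in the form used in the thread."""
    return (f"access-list {acl_id} extended permit tcp "
            f"{operand(src, src_mask)} {operand(dst, dst_mask)} eq {port}")

if __name__ == "__main__":
    # Address/mask pairs taken from the thread.
    print(pairs("74.165.236.76", "255.255.255.248"))
    print(permit_tcp(101, "74.165.236.76", "255.255.255.248",
                     "68.156.91.20", "255.255.255.224", 23032))
    print(permit_tcp(101, "74.165.236.76", "255.255.255.255",
                     "68.156.91.20", "255.255.255.255", 23032))
```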