02-02-2007 01:07 AM - edited 03-11-2019 02:28 AM
Hello
I have a C800-router that connects a local office LAN to internet. It?s configured like this
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address <yadayada>
ip access-group Outside_ACL_in2 in
ip nat outside
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.16.1 255.255.255.0
ip access-group Inside_ACL_in in
ip nat inside
!
ip nat inside source route-map NAT_RMAP_1 interface Dialer0 overload
(route map NAT_RMAP_1 is an ACL for split-tunneling, denying traffic going into a VPN-tunnel, everything else is nat:ed)
Now: I need to allow connections from internet (tcp/3389 and tcp/5900) to the outside ip address to be translated and forwarded to the inside host 192.168.16.100.
I am more used to pix/asa:s, and there I should simply add a few static and permit the traffic in the outside acl.
But, how do I do this in IOS?
Thanks for your help!
Regards jimmy
Solved! Go to Solution.
02-02-2007 07:11 AM
Jimmy-
These are equivalent to 'statics' on PIX/ASA.
ip nat inside source static tcp 192.168.16.100 3389
ip nat inside source static tcp 192.168.16.100 5900
You will still need to give access via the ACL.
HTH and please rate.
02-02-2007 07:11 AM
Jimmy-
These are equivalent to 'statics' on PIX/ASA.
ip nat inside source static tcp 192.168.16.100 3389
ip nat inside source static tcp 192.168.16.100 5900
You will still need to give access via the ACL.
HTH and please rate.
02-03-2007 03:31 AM
Great. Thanks a lot!
Just to be sure... I assume I will permit traffic to the outside IP (not the NAT:ed one) in the outside acl, just the way it works in Pix/ASA?
Best Regards
Jimmy
02-05-2007 06:23 AM
Yes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide