03-26-2019 07:08 AM - edited 03-26-2019 11:55 PM
Hi,
I have a router which I have inherited with a network. Need to add a port forward to forward traffic on the Dialer0 port tcp/443 to the internal IP 10.20.24.49 on tcp/443.
I have tried adding a static NAT statement:
ip nat inside source static tcp 10.20.24.49 443 interface Dialer0 443
Which when trying to connect to http://1.2.3.4 in a browser and running 'sh ip nat translations' shows a list of active translations.
Router# sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 1.2.3.4:443 10.20.24.49:443 2.3.4.5:27916 2.3.4.5:27916
tcp 1.2.3.4:443 10.20.24.49:443 2.3.4.5:53112 2.3.4.5:53112
tcp 1.2.3.4:443 10.20.24.49:443 2.3.4.5:59827 2.3.4.5:59827
There are a number of ACLs which seem to correspond to policy maps / zone pairs in the current config. Not sure if I need to add in an additional ACL to allow tcp/443 in addition to the static NAT statement.
Is anyone able to give me a pointer?
Thanks
03-26-2019 08:59 AM - edited 03-26-2019 09:19 AM
Hi,
You will need to create an ACL, class map, policy map and a new zone-pair for OUTSIDE to INSIDE. E.g.:
ip access-list extended OUTSIDE->INSIDE
 permit tcp any host 172.20.24.49 eq 80
class-map type inspect match-any OUTSIDE->INSIDE
 match access-group name OUTSIDE->INSIDE
policy-map type inspect PM_OUTSIDE->INSIDE
 class type inspect OUTSIDE->INSIDE
  inspect
 class class-default
  drop log
zone-pair security OUTSIDE->INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect PM_OUTSIDE->INSIDE
HTH
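Added example, not part of the original posts: a Python check that cross-references each static NAT port forward with the ACLs referenced by inspect class-maps, so a forward whose host or port is not permitted shows up before the class-default `drop log` catches it. It assumes the zone-pair policy is evaluated against the inside local (post-NAT) address and port; the function names are hypothetical and the sample config is constructed from the NAT statement in the question and the ACL as posted in the reply.

```python
import re

# Constructed sample: NAT statement from the question, ACL as posted in the reply.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 10.20.24.49 443 interface Dialer0 443
ip access-list extended OUTSIDE->INSIDE
 permit tcp any host 172.20.24.49 eq 80
class-map type inspect match-any OUTSIDE->INSIDE
 match access-group name OUTSIDE->INSIDE
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ACL_RE = re.compile(r"^ip access-list extended (\S+)$")
# Only the 'permit <proto> any host <ip> eq <numeric port>' form is handled here.
ACE_RE = re.compile(r"^permit (tcp|udp) any host (\S+) eq (\d+)$")
MATCH_RE = re.compile(r"^match access-group name (\S+)$")

def parse(config):
    """Return (static forwards, permits per ACL, ACL names used by class-maps)."""
    forwards, acls, referenced, current = [], {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level line ends any open ACL block
        if m := NAT_RE.match(line):
            forwards.append((m[1], m[2], int(m[3])))  # proto, inside local ip, port
        elif m := ACL_RE.match(line):
            current = m[1]
            acls[current] = set()
        elif (m := ACE_RE.match(line)) and current:
            acls[current].add((m[1], m[2], int(m[3])))
        elif m := MATCH_RE.match(line):
            referenced.add(m[1])
    return forwards, acls, referenced

def unmatched_forwards(config):
    """Static forwards whose inside local host/port no inspected ACL permits."""
    forwards, acls, referenced = parse(config)
    permitted = set()
    for name in referenced:
        permitted |= acls.get(name, set())
    return [f for f in forwards if f not in permitted]

if __name__ == "__main__":
    for proto, host, port in unmatched_forwards(SAMPLE_CONFIG):
        print(f"no inspect-class permit for {proto} {host}:{port}")
```

Run against the sample, it reports tcp 10.20.24.49:443 as unmatched, because the example ACL permits 172.20.24.49 on port 80 rather than the forwarded host and port.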