06-18-2023 04:03 PM
please sir
can someone help me to solve this problem please
I have a 2900 series rotator so I have voice traffic which comes from the public ip 197.231.xxx.xxx which must arrive at its destination on a local server 192.168.30.21 but the local server's firewalls block the traffic
I would like to block the 80 from the ip 197.231.xxx.xxx and send it back by the private ip 192.168.30.21:5060 but the nat that I am using is blocking my router
here is the conig that I made if you can give me a correction please
interface GigabitEthernet0/0
ip address 197.231.xxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.30.10 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source static 197.231.xxx.xxx 255.255.255.252
ip nat inside source static 192.168.30.10 255.255.255.0
ip nat outside source static 197.231.xxx.xxx 255.255.255.252
ip route 0.0.0.0 0.0.0.0 197.231.xxx.xxx
06-18-2023 04:48 PM
Hi
I might say this is confuse.
"can someone help me to solve this problem please
I have a 2900 series rotator so I have voice traffic which comes from the public ip 197.231.xxx.xxx which must arrive at its destination on a local server 192.168.30.21 but the local server's firewalls block the traffic"
The server´s firewall is blocking the traffic intentionally or this is a misconfiguration? dont follow you here.
"I would like to block the 80 from the ip 197.231.xxx.xxx and send it back by the private ip 192.168.30.21:5060 but the nat that I am using is blocking my router"
Are you saying here that you dont want the server to be open to the internet on port 80?
Port 5060 is SIP port and if this is a VOIP server, that port need to ne open.
NAT have no hability to block. You need to be more clear on this point.
"here is the conig that I made if you can give me a correction please"
ip nat source static 197.231.xxx.xxx 255.255.255.252
ip nat inside source static 192.168.30.10 255.255.255.0
ip nat outside source static 197.231.xxx.xxx 255.255.255.252
Those NAT statement is wrong. The NAT should be like this
ip nat inside source static <first IP address> <second IP address> I never saw the usage of subnet mask on this command.
If what you are trying to achieve is PAT, you can do like this
ip nat outside source static tcp 197.231.xxx.xxx 5060 192.168.30.10 5060
06-18-2023 11:49 PM
hello flavio i mean that traffic from 197.230.xxx.xxx:80 must go to 192.168.:5060 because my server is blocking port 80
clearly my local server should not detect the public port 80
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide