Hi

countrywifi · ‎08-08-2017

I have an ISR4331 with Firewall.

This firewall was something that we took over on an IT contract we are now doing and it configured as a Zone based firewall.. Most of the stuff that i've done with Cisco is with ASA's. The commands seem similar but i'm sure i'm missing something.

There on the G0/0/0 Interface is where the internet is located. G0/0/1 is the internal network.

I have multiple VLans within that network where as G0/0/1.50 is one of them.

I need to route port 40000 and 40001 to an IP on that subnet ( 172.16.50.xx )

Should I be able to NAT directly from the outside interface to the IP of the device directly or is there something more complex required to get the traffic to the VLan 50 device?

TIA

Francesco Molino · ‎08-08-2017

Hi

If you want to nat your tcp port from your wan interface ip to your internal IP, you need to ensure that your wan g0/0/0 had been configured with ip nat outside and your internal g0/0/1.50 interface configured with ip nat inside.

Then the command would be:

ip nat inside source static tcp 172.16.50.x 40000 interface Git0/0/0 40000

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

countrywifi · ‎08-08-2017

My command in the config at the moment is

ip nat inside source static tcp 172.16.50.30 40000 interface GigabitEthernet0/0/0 40000 extendable

Inside my ACL I also have

permit tcp any any eq 40000

Francesco Molino · ‎08-09-2017

Hi

Can you give us in a text file the output of show ip nat translation?

And also your config?

Have you tried to run a debug ip nat? If yes can you paste the result of that debug?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

NAT/Port Forwarding in ISR4331 Zone Based Firewall