Showing results for 
Search instead for 
Did you mean: 

routing decision based on ports

is it possible for a router say 2600 series to based its routing decision on the incoming ports used?


1 if the incoming traffic is smtp/pop3, route it to mail server with ip address X on the LAN

2. And if the incoming traffic is http, route it to the www server with ip address Y on the LAN

Both X and Y are on the ethrnet side of the router and are of private addresses....The obvious purpose of which is to use a single public IP address which is just on the serial side of the router to allow both http pop3/smtp access from the outside...the services are provided by the X and Y servers on the LAN.


Rising star

Configure static NAT mappings on the router to direct traffic differently for different TCP ports. For instance:

ip nat inside source static tcp 25 25

ip nat inside source static tcp 110 110

ip nat inside source static tcp 25 80

Where is your mailserver, is your webserver, and is your single public IP address.

For those of you who are looking for the documentation on this feature, this is called "Port Address Translation" and it works beautifully.

The only problem with PAT I ran into was actually on a PIX with 6.2. I found that I could not find a way to port map the PIX's outside interface to an internal windows 2000 VPN server. The reason for this is that PAT only wants to work with TCP or UDP protocol ports, and the windows 2000 VPN server needed a GRE protocol mapping. Thus I had to use a second global address for VPN port forwarding, by way of a statically mapped NAT address.

One of you will probably tell me that I could have done it some other way!


Yes it is possible. One way I can think of is by implementing Policy-Based Routing.

Jorge Rodriguez

thx a lot this just mean i can use multiple services hosted by different servers which are accessible from outside without availing multiple public ip addresses...what is d advantages of having public ip address on each servers as compared to using a public ip address only on d serial interface.