07-18-2003 06:37 AM - edited 03-09-2019 04:06 AM
We have a client that only has a single public IP address which is also the address of their mail server. We are using an ADSL 827 router for their internet connection and using NAT overload for general internet access from the local LAN and static NAT for the mail server (both to the single public IP address). All this works fine, but the problem is that we want to create an IPSEC VPN between us and them and access the 827 router via the internet. At the moment when we try to connect to the router in any way it appears that all the traffic is being passed through to the mail server because of the static NATing. So the question is how can we perform the static NATing on specified IP ports only?
07-20-2003 03:47 PM
Do the following:
interface Serial0
 description Internet-facing interface
 ip nat outside
!
interface Ethernet0
 description Inside interface
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! PAT (overload) for general LAN traffic leaving via the public interface
ip nat inside source list 100 interface Serial0 overload
! Forward only inbound TCP/25 on the public address to the mail server
ip nat inside source static tcp 10.1.1.2 25 interface Serial0 25
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
This will set up a translation for any TCP packets destined to the outside interface's IP address on port 25, and send them through to 10.1.1.2 on port 25. Obviously replace the 10.1.1.2 with whatever your SMTP server is.
Also, if you're going to set up a VPN to this router, you need to do a little funky routing because of the static you have in place. Follow the instructions on this sample config and you should be good:
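Added example (not part of the original reply, and not the sample config it refers to): a small Python check that models, in simplified form, which inbound services on the single public IP reach the router itself and which are handed to the mail server, first under a whole-host static NAT and then under the port-specific rule from the reply. The "before" rule, the placeholder address 203.0.113.10, and all function names are assumptions constructed for illustration.

```python
import re

# Whole-host and protocol/port-specific forms of an IOS static NAT rule.
STATIC_RE = re.compile(
    r"^\s*ip nat inside source static\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<local>\S+)\s+(?P<lport>\d+)\s+"
    r"(?:interface\s+)?\S+\s+(?P<gport>\d+)"
    r"|(?P<host>\S+)\s+(?:interface\s+)?\S+)\s*$")

# Inbound traffic to check: tunnel and management services, plus mail.
CHECKS = [("IKE", "udp", 500), ("ESP", "esp", None),
          ("SSH", "tcp", 22), ("SMTP", "tcp", 25)]

def parse_static_nat(config):
    """Return (proto, gport, local, lport) tuples; proto is None for whole-host."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m and m.group("proto"):
            rules.append((m.group("proto"), int(m.group("gport")),
                          m.group("local"), int(m.group("lport"))))
        elif m:
            rules.append((None, None, m.group("host"), None))
    return rules

def inbound_target(rules, proto, port):
    """Simplified model: port-specific rules first, then any whole-host rule."""
    for r_proto, gport, local, lport in rules:
        if r_proto is not None and (r_proto, gport) == (proto, port):
            return "%s:%d" % (local, lport)
    for r_proto, _, local, _ in rules:
        if r_proto is None:
            return local  # whole-host rule: everything goes to the inside host
    return "router"       # no translation: the router answers on its own address

def audit(config):
    """Map each checked service to where traffic for it ends up."""
    rules = parse_static_nat(config)
    return {name: inbound_target(rules, p, port) for name, p, port in CHECKS}

# Constructed "before" config: whole-host static NAT (placeholder public IP).
BEFORE = "ip nat inside source static 10.1.1.2 203.0.113.10"
# Rule from the reply above: only TCP/25 is translated.
AFTER = "ip nat inside source static tcp 10.1.1.2 25 interface Serial0 25"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```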
07-22-2003 01:31 AM
works a treat, thanks