06-04-2012 07:22 AM - edited 03-04-2019 04:33 PM
Hello everybody! I'm a novice. Why is this static NAT invalid? The following is the config:
ip nat pool wan xx.xx.xx.xx netmask 255.255.255.240
ip nat source static tcp 192.168.2.5 5555 xx.xx.xx.xx 5555 extendable
ip nat inside source route-map office pool wan overload
penghai#show ip nat trans
Pro  Inside global      Inside local       Outside local       Outside global
udp  xx.xx.xx.xx:31     192.168.2.5:137    192.168.2.255:137   192.168.2.255:137
udp  xx.xx.xx.xx:32     192.168.2.5:138    192.168.2.255:138   192.168.2.255:138
tcp  xx.xx.xx.xx:3648   192.168.2.5:3648   23.11.206.176:443   23.11.206.176:443
tcp  xx.xx.xx.xx:3652   192.168.2.5:3652   23.11.206.176:443   23.11.206.176:443
udp  xx.xx.xx.xx:40     192.168.2.11:137   192.168.2.255:137   192.168.2.255:137
What should I do? Thanks for your answer.
06-04-2012 07:30 AM
Hi,
ip nat inside source static tcp 192.168.2.5 5555 xx.xx.xx.xx 5555 extendable
Regards.
Alain
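An added example, not part of the original thread: the fix above adds the "inside" keyword. On IOS, a rule written without a direction keyword ("ip nat source ...") is NAT Virtual Interface syntax and only acts on interfaces marked "ip nat enable", while the interfaces in this thread are marked "ip nat inside" / "ip nat outside". The check below flags that mismatch; the function name and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the NAT-relevant lines from the question, interfaces trimmed.
SAMPLE = """\
interface GigabitEthernet0/1
ip nat outside
interface GigabitEthernet0/2.40
ip nat inside
ip nat source static tcp 192.168.2.5 5555 xx.xx.xx.xx 5555 extendable
ip nat inside source route-map office pool wan overload
"""

# Interface marking: the whole line is "ip nat inside|outside|enable".
INTF = re.compile(r"^ip nat (inside|outside|enable)$")
# Translation rule: optional direction keyword before "source".
RULE = re.compile(r"^ip nat (inside |outside )?source .+$")

def check_nat_style(config):
    """Return (rule, problem) pairs where the rule style and interface marking disagree."""
    marks, rules = set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = INTF.match(line)
        if m:
            marks.add(m.group(1))
            continue
        m = RULE.match(line)
        if m:
            rules.append((line, (m.group(1) or "").strip()))
    findings = []
    for line, direction in rules:
        if not direction and "enable" not in marks:
            # NVI-style rule, but interfaces use classic inside/outside marking.
            findings.append((line, "no interface has 'ip nat enable'"))
        elif direction and not {"inside", "outside"} <= marks:
            # Classic rule needs both an inside and an outside interface.
            findings.append((line, "inside/outside interfaces not both marked"))
    return findings

if __name__ == "__main__":
    for rule, problem in check_nat_style(SAMPLE):
        print(f"{rule}\n  -> {problem}")
```
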
06-04-2012 08:06 AM
Thank you very much! I have another problem: I can't open this page.
06-04-2012 08:18 AM
http://xx.xx.xx.xx:5555 Why can't I open it? However, other routers can open it.
06-04-2012 08:44 AM
Hi,
What do you mean, other routers can open it?
Can you post your running config?
Regards.
Alain
06-04-2012 10:28 PM
Hi, my office computer's IP is 192.168.2.5.
I installed remote-access software (Remote Anywhere) on this computer, with port 5555 open.
When I am at home, I want to remotely access this computer on port 5555.
I've used other routers (not Cisco) what I do
Is this possible? Is this safe?
06-04-2012 11:06 PM
Hi,
Of course this is possible, but we need your running-config to try to help you further.
I would rather use a VPN to access this computer (remote access VPN with RDP, for example).
Regards.
Alain
06-05-2012 07:03 AM
OK, the following is the config:
Building configuration...
Current configuration : 6063 bytes
!
! Last configuration change at 14:31:49 UTC Mon Jun 4 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname penghai
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ZG/.$UANvz6dWrsOZntVY5GeZi.
enable password 7 12415446425959
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.254
ip dhcp excluded-address 192.168.2.1 192.168.2.20
ip dhcp excluded-address 192.168.2.12
!
ip dhcp pool office
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 202.96.134.133 202.96.128.68
lease 2 2 2
!
ip dhcp pool kefang
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 202.96.134.133 202.96.128.68
lease 2 2 2
!
!
ip domain name yourdomain.com
ip name-server 202.96.134.133
ip name-server 202.96.128.68
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3448292759
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3448292759
revocation-check none
rsakeypair TP-self-signed-3448292759
!
!
crypto pki certificate chain TP-self-signed-3448292759
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn FGL16141193
!
!
username xiao privilege 15 password 7 014B57550B5953
!
!
!
policy-map sdm-qos-test-123
class class-default
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
ip address xx.xx.xx.xx 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map route
duplex auto
speed auto
!
interface GigabitEthernet0/2.1
encapsulation dot1Q 1 native
ip address 192.168.20.1 255.255.255.0
ip access-group 10 out
ip nat inside
ip virtual-reassembly
ip policy route-map route
!
interface GigabitEthernet0/2.10
encapsulation dot1Q 10
ip address 192.168.10.253 255.255.255.0
ip access-group 50 out
!
interface GigabitEthernet0/2.40
encapsulation dot1Q 40
ip address 192.168.2.1 255.255.255.0
ip access-group 188 in
ip nat inside
ip virtual-reassembly
ip policy route-map route
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp pap sent-username 12345678@163.gd password 7 13212E312C2F2C1802
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat translation timeout 120
ip nat translation tcp-timeout 60
ip nat translation icmp-timeout 180
ip nat translation max-entries all-host 200
ip nat pool wan xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.240
ip nat inside source route-map kefang interface Dialer1 overload
ip nat inside source route-map office pool wan overload
ip nat inside source static tcp 192.168.2.5 5555 xx.xx.xx.xx 5555 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 2 permit 192.168.2.0 0.0.0.127
access-list 10 deny 192.168.2.0 0.0.0.255
access-list 10 permit any
access-list 20 permit 192.168.20.0 0.0.0.255
access-list 20 permit 192.168.2.128 0.0.0.127
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 50 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 host 192.168.10.1
access-list 188 permit tcp 192.168.2.0 0.0.0.255 host 192.168.10.1 eq 1433
access-list 188 deny ip 192.168.2.0 0.0.0.255 host 192.168.10.1
access-list 188 permit ip any any
!
route-map office permit 10
match ip address 2
!
route-map kefang permit 10
match ip address 20
!
route-map permit permit 30
!
route-map route permit 1
match ip address 101
set ip next-hop 192.168.10.1
!
route-map route permit 10
match ip address 2
set ip next-hop xx.xx.xx.xx
!
route-map route permit 20
match ip address 20
set interface Dialer1
!
!
!
control-plane
!
!
line con 0
password 7 005C425754095E
login
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 30 30
password 7 154A5A5D54787E
login
transport input telnet ssh
line vty 5 15
access-class 23 in
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
penghai#
06-04-2012 07:33 AM
Pls. check below for more clarity....
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
Pls. try below....
ip nat pool WAN XX.XX.XX.227 XX.XX.XX.227 netmask 255.255.255.240
Reg
Sanjeev