custom port forwarding

Exonix
Level 1

Hello, I have an ISR 886VA. I need to configure custom port forwarding: allow port 80 to a host from a particular IP network.
Am I doing everything right? I would try it myself on the Cisco, but I could interrupt the current sessions.

#conf t
(config)#ip access-list extended 102
(config-ext-nacl)#permit tcp host 10.255.0.100 eq 80 XXX.XXX.XXX.XXX 0.0.0.255 eq 80
(config-ext-nacl)#permit ip any any
(config-ext-nacl)#exit
(config)#interface Dialer0
(config-if)#ip access-group 102 in
(config-if)#end
#wr

Do I need to add:
ip nat inside source static tcp 10.255.0.100 80 interface Dialer0 80

 

Thank you in advance.

Accepted Solutions

Exonix
Level 1

My mistake was that I tried to allow the internal IP address in the ACL rule. The solution is:

(config)#ip access-list extended 102
(config-ext-nacl)#permit tcp remote.network.range 0.0.0.255 host external.cisco.ip.address eq 80
(config-ext-nacl)#deny tcp any host external.cisco.ip.address eq www
(config-ext-nacl)#permit ip any any
(config-ext-nacl)#exit
(config)#ip nat inside source static tcp dmz.server.ip.address 80 interface Dialer0 80
(config)#interface Dialer0
(config-if)#ip access-group 102 in
(config-if)#end
#wr
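
How IOS reads an extended ACL such as list 102 against inbound packets, as an added example that is not part of the original post: a small Python model of first-match evaluation with wildcard masks. The addresses are constructed documentation ranges and the function names are hypothetical; it compares an entry that names the remote network as the source with one whose operands are swapped.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    action: str               # "permit" or "deny"
    proto: str                # "tcp", or "ip" to match any protocol
    src: str                  # "any" or "<address> <wildcard>"
    sport: Optional[int]      # "eq" value after the source, None if absent
    dst: str
    dport: Optional[int]      # "eq" value after the destination

def addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    # Wildcard bits set to 1 are ignored; all other bits must be equal.
    return (int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, sport, dst, dport) -> str:
    for ace in acl:  # the first matching entry decides
        if (ace.proto in ("ip", proto)
                and addr_match(ace.src, src) and addr_match(ace.dst, dst)
                and ace.sport in (None, sport) and ace.dport in (None, dport)):
            return ace.action
    return "deny"  # implicit deny at the end of every ACL

# Constructed documentation addresses (assumptions, not from the post).
WAN = "203.0.113.10 0.0.0.0"        # same as "host 203.0.113.10"
REMOTE = "198.51.100.0 0.0.0.255"
TAIL = [Ace("deny", "tcp", "any", None, WAN, 80),
        Ace("permit", "ip", "any", None, "any", None)]
REMOTE_AS_SOURCE = [Ace("permit", "tcp", REMOTE, None, WAN, 80)] + TAIL
ROUTER_AS_SOURCE = [Ace("permit", "tcp", WAN, 80, REMOTE, 80)] + TAIL

# Inbound on the WAN interface the ACL is checked before NAT rewrites the
# destination, so packets still carry the router's external address.
def inbound_http(acl, client: str) -> str:
    return evaluate(acl, "tcp", client, 51515, "203.0.113.10", 80)

if __name__ == "__main__":
    for name, acl in (("remote as source", REMOTE_AS_SOURCE),
                      ("router as source", ROUTER_AS_SOURCE)):
        print(name, inbound_http(acl, "198.51.100.25"),
              inbound_http(acl, "192.0.2.77"))
```

With the remote network as the source, only clients in that /24 reach port 80; with the operands swapped, the permit never matches a client request and the following deny drops it.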
