
Forward ALL ports to other device?

progress
Level 1

Hi,

I would like to place a firewall device behind my Cisco 800 series (836, IOS 12.4). I would like to forward all ports and protocols to this firewall. On the Cisco there are commands like this: "ip nat inside source static tcp 10.0.0.201 25 interface Dialer1 25".

Is it possible to use a command similar to the one above to forward all ports and protocols from Dialer1 to 10.0.0.201?

Regards

Patrick

6 Replies

Not applicable

Yes, you are close with the command above. The command would be:

ip nat inside source static 10.0.0.201 interface Dialer1

Just omit the protocol and port.

There is a link here with more NAT information:

http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_book09186a008042f219.html

Please rate this post and mark solved if appropriate.

One thing to be mindful about: since you're NATing the IP that is assigned to your dialer interface, you will not be able to manage the device from the outside.
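An added example, not part of the original thread and not Cisco tooling: a small config audit that tells the single-port form of the static NAT command apart from the all-ports form given in the reply, and flags the case the last reply warns about (the router's own outside interface address handed wholesale to an inside host). The function name `audit_static_nat` and the sample configuration are constructed for illustration.

```python
import re

# Both forms from the thread:
#   ip nat inside source static tcp 10.0.0.201 25 interface Dialer1 25  (one port)
#   ip nat inside source static 10.0.0.201 interface Dialer1            (everything)
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
STATIC_NAT = re.compile(
    r"^\s*ip nat inside source static\s+"
    r"(?:(?P<proto>tcp|udp)\s+)?"
    rf"(?P<local>{IP})(?:\s+(?P<lport>\d+))?\s+"
    rf"(?:interface\s+(?P<iface>\S+)|(?P<glob>{IP}))"
    r"(?:\s+(?P<gport>\d+))?",
    re.IGNORECASE,
)

def audit_static_nat(config_text):
    """Return one finding per static inside-source NAT line in an IOS config."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = STATIC_NAT.match(line)
        if not m:
            continue
        all_ports = m.group("proto") is None  # no protocol/port => every port exposed
        scope = "all-ports" if all_ports else f'{m.group("proto").lower()}/{m.group("gport")}'
        findings.append({
            "line": lineno,
            "inside_host": m.group("local"),
            "outside": m.group("iface") or m.group("glob"),
            "scope": scope,
            # Per the thread: an all-ports mapping of the interface's own address
            # means the router itself can no longer be managed from outside.
            "router_unmanageable_from_outside": all_ports and m.group("iface") is not None,
        })
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface Dialer1
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.201 25 interface Dialer1 25
ip nat inside source static 10.0.0.201 interface Dialer1
"""

if __name__ == "__main__":
    for f in audit_static_nat(SAMPLE_CONFIG):
        print(f)
```

Every `all-ports` finding means the inside host's own filtering is the only control between it and the outside network, so that host should be reviewed as an internet-facing device.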

Okay, sounds easy. I will try this tomorrow morning. Thanks a lot.

Okay, this works, all ports are forwarded to the device on the inside (10.0.0.201). Now I've also tried to use the firewall behind the Cisco as a VPN device. But I think the Cisco is not forwarding the IPSEC packets to the 10.0.0.201 device.

Is there a possibility to configure the Cisco to also forward the IPSEC packets?

Regards,

Patrick

mschooley
Level 1

I'm assuming you are negotiating your address on dialer 0. Are you going to readdress your internal network? Right now you are forwarding SMTP traffic that hits dialer1 to 10.0.0.201. If you add a fw it is going to have to have an internal interface and an external interface unless it is one that supports a "drop-in" mode where it actually acts like a bridge. If no drop-in mode, you could put a static NAT entry on the fw for 10.0.0.201 ext for SMTP and map it to the new IP address of the internal mail server. That's actually the easy part; there is probably a statement that looks like ip nat inside source list (or routemap) interface dialer0 overload. That is for all outbound traffic. But I guess you could just do NAT twice: the firewall would NAT all to the outside address of the fw, i.e. 10.0.0.1, and then the router would get it on, let's say, 10.0.0.2 on fa0/0 and forward it out dialer1 and NAT it to the negotiated interface of dialer1. A little kludgy, but would work. The other option would be to get a range of IP addresses from your ISP and put them on the network between the fw and the router. By the way, are you using dynamic DNS of some sort, or I guess you could have a static IP on dialer1.

Yes, I know that the network inside the fw will have another IP range. I will try the double NAT. It is only temporary, because in a couple of weeks our new fiber line will arrive.

I'm not using dynamic DNS. I'm not sure if my provider gives static IPs.