
Forward traffic from inside to outside on Cisco 2921

tporebski
Level 1

Hi,

I have a bit of a problem and would appreciate some help.

The setup is based on a Cisco 2921 router. The network addresses are just for the example of the situation and what I would like to achieve.

There is one inside (let's say the local network address is 10.0.0.1) and one outside interface (166.1.1.5).

All my local network traffic is going through this outside interface so my external IP is (at least in this example) 166.1.1.5.

My ISP gave me a few external addresses (166.1.1.5 - 166.1.1.10) and one domain that is pointing, let's say, to 166.1.1.10.

I have a mail server on a local server (10.0.0.3 using ports 25,143,443,587) and a basic web page server (10.0.0.4 port 80).

I wanted to reroute traffic from the given domain 166.1.1.10 to the local servers so I've set up a NAT that gathers traffic from 166.1.1.10 like so:

ip nat inside source static tcp 10.0.0.4 80 166.1.1.10 80 extendable
ip nat inside source static tcp 10.0.0.3 143 166.1.1.10 143 extendable
ip nat inside source static tcp 10.0.0.3 443 166.1.1.10 443 extendable
ip nat inside source static tcp 10.0.0.3 587 166.1.1.10 587 extendable

And for this part it almost does what I want. But...

And now the fun part that I can't figure out how to achieve.

My mail server at 10.0.0.3 sends mail that is identified as my external IP that is 166.1.1.5.

Is there a way (and if so then how to do it) to set my router so that it translates local IP 10.0.0.3 to external 166.1.1.10?

Thanks in advance,

Tom
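
Why the outbound mail shows up as 166.1.1.5 with the port forwards above, as a simplified Python model added here (not code from the thread and not IOS's own implementation): a static port entry matches an outgoing packet only when both its source IP and source port equal the entry's inside-local pair, and an outgoing SMTP connection from 10.0.0.3 uses an ephemeral source port. The overload on 166.1.1.5 is assumed from the description; the class and function names and source port 50000 are made up for the example.

```python
# Simplified model of inside-source NAT lookup (added example, not IOS code).
# Static port entries are copied from the four lines posted in the question.
STATIC_PAT = {  # (proto, inside-local ip, port) -> (inside-global ip, port)
    ("tcp", "10.0.0.4", 80): ("166.1.1.10", 80),
    ("tcp", "10.0.0.3", 143): ("166.1.1.10", 143),
    ("tcp", "10.0.0.3", 443): ("166.1.1.10", 443),
    ("tcp", "10.0.0.3", 587): ("166.1.1.10", 587),
}
OVERLOAD_IP = "166.1.1.5"  # assumed: dynamic PAT on the outside interface address


class Nat:
    def __init__(self):
        self.dynamic = {}      # (proto, local ip, port) -> (global ip, port)
        self.next_port = 1024  # constructed port allocator for the model

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet going inside -> outside."""
        key = (proto, src_ip, src_port)
        if key in STATIC_PAT:        # needs an exact ip AND port match
            return STATIC_PAT[key]
        if key not in self.dynamic:  # otherwise fall through to the overload
            self.dynamic[key] = (OVERLOAD_IP, self.next_port)
            self.next_port += 1
        return self.dynamic[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate the destination of a packet going outside -> inside."""
        for table in (STATIC_PAT, self.dynamic):
            for local, glob in table.items():
                if local[0] == proto and glob == (dst_ip, dst_port):
                    return local[1:]
        return None                  # no matching entry: nothing is translated


def demo():
    nat = Nat()
    return {
        "web_in": nat.inbound("tcp", "166.1.1.10", 80),      # port forward
        "web_reply": nat.outbound("tcp", "10.0.0.4", 80),    # reply keeps .10
        "smtp_out": nat.outbound("tcp", "10.0.0.3", 50000),  # new mail session
        "smtp_in_25": nat.inbound("tcp", "166.1.1.10", 25),  # no posted line for 25
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `smtp_out` case leaves from 166.1.1.5 while the domain points at 166.1.1.10, which is the mismatch described in the question; `smtp_in_25` returns nothing because none of the four posted lines covers port 25.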

2 Replies

Philip D'Ath
VIP Alumni

Since you have so many public IP addresses you should change to using 1:1 NAT and adjust your DNS.

ip nat inside source static 10.0.0.3 166.1.1.10 extendable

That would be great if I could do that.

If I use a 1:1 NAT then my webpage on server 10.0.0.4 will not work.

I cannot move my page from 10.0.0.4 to 10.0.0.3 without losing some services on 10.0.0.3 that already use port 80.

Is there a way to make an exception/overlap to the 1:1 NAT only for port 80?