I am working at a client site today. The client has indicated that they need to have a server translated so that connections coming in from the public can access the server. I told the client I would be able to use NAT for this on their 2911 G2 router.
The requirement is that connection attempts be allowed to come into a public address, which I will call 184.108.40.206 for the purpose of this example.
The inside (real address) for the server is 192.168.15.14/24.
Here is the statement that I have placed on the router:
ip nat inside source static 192.168.15.14 220.127.116.11
and also have placed "ip nat inside" on the Ethernet that faces inside to the 192.168.15.0/24 network. I have placed "ip nat outside" on the Ethernet that faces the Internet.
I also placed an ACL statement to allow the ports required which reads:
180 permit tcp any any eq 60000 64999
181 permit udp any any eq 60000 64999
My concern is whether I have written the NAT statement correctly or not.
Here is what I see when I perform a "sho ip nat trans":
tbhroomsgw#sho ip nat trans
Pro Inside global Inside local Outside local Outside global
You need to make some changes here. We'll assume your internal interface is fa0/0 and your external is fa0/1 for the sake of this reply.
ip access-list extended aclPortForwardRange
permit tcp any any range 60000 64999
permit udp any any range 60000 64999
ip access-list standard aclNat
permit 192.168.15.0 0.0.0.255
ip nat pool poolServer 192.168.15.14 192.168.15.14 netmask 255.255.255.0 type rotary
interface fa0/0
! or whatever it is on this subnet.
ip address 192.168.15.1 255.255.255.0
ip nat inside
interface fa0/1
ip nat outside
ip nat inside source list aclNat interface fa0/1 overload
ip nat inside destination list aclPortForwardRange pool poolServer
You will also need to poke any holes in your inbound ACL on your external interface if there is one. Use a similar syntax to the aclPortForwardRange example above in this ACL if need be.
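An added example, not part of either post: a small Python check that cross-references the names in a configuration of this shape. It flags an `ip nat` statement pointing at an ACL or pool that is never defined, an overload interface not marked `ip nat outside`, and an `eq` followed by two ports where `range` is needed. The function name `audit_nat` and the sample configuration (with a deliberately misspelled ACL name and one `eq` entry) are constructed for illustration.

```python
import re

# Constructed sample: a port-forward config with a misspelled ACL name
# and one entry that uses "eq" with two ports instead of "range".
SAMPLE = """\
ip access-list extended aclPortFrowardRange
 permit tcp any any range 60000 64999
 permit udp any any eq 60000 64999
ip access-list standard aclNat
 permit 192.168.15.0 0.0.0.255
ip nat pool poolServer 192.168.15.14 192.168.15.14 netmask 255.255.255.0 type rotary
interface fa0/0
 ip nat inside
interface fa0/1
 ip nat outside
ip nat inside source list aclNat interface fa0/1 overload
ip nat inside destination list aclPortForwardRange pool poolServer
"""

def audit_nat(config):
    """Return a list of findings for the NAT statements in an IOS-style config."""
    acls, pools, roles, findings = set(), set(), {}, []
    iface = None
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Pass 1: collect defined ACLs, pools and per-interface NAT roles.
    for line in lines:
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m.group(1))
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            roles[iface] = m.group(1)
        if re.search(r"\beq \d+ \d+", line):
            findings.append(f"eq does not express a port span, use range: {line}")
    # Pass 2: every name an "ip nat inside ... list" statement uses must exist.
    for line in lines:
        m = re.match(r"ip nat inside (?:source|destination) list (\S+) (pool|interface) (\S+)", line)
        if not m:
            continue
        acl, kind, target = m.groups()
        if acl not in acls:
            findings.append(f"undefined ACL {acl}")
        if kind == "pool" and target not in pools:
            findings.append(f"undefined pool {target}")
        if kind == "interface" and roles.get(target) != "outside":
            findings.append(f"{target} is not marked ip nat outside")
    return findings
```

Calling `audit_nat(SAMPLE)` returns two findings; a configuration with the ACL name and the `eq` entry corrected returns an empty list.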