Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
491
Views
0
Helpful
1
Replies

Open several ports from outside to inside server

julian.hanzlik
Level 1
Level 1

‎06-01-2016 01:21 AM - edited ‎03-05-2019 04:08 AM

Router: Cisco 1812 with version 12.4

I have an inside Server where i need to open several Ports for outside.
I have a NAT configured before for other servers. Like this, this is a Webserver, reachable through the outside. Like this here:

ip nat inside source static 10.77.77.6 Public IP route-map SDM_NAT_TEST

Route Map Information:

route-map SDM_NAT_TEST permit 10
match ip address nat_test

ACL nat_test

ip access-list extended nat_test
deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
permit ip host 10.77.77.6 any

This Webserver is reachable through the outside with port 80.

First Question: Why is the port open, but if i do nmap on this Server it shows all ports are closed?

nmap -Pn PUBLICIP

Starting Nmap 6.47 ( http://nmap.org ) at 2016-06-01 09:55 CEST
Nmap scan report for PUBLICIP
Host is up (0.0013s latency).
All 1000 scanned ports on PUBLICIP are closed

Nmap done: 1 IP address (1 host up) scanned in 7.39 seconds

But if i do it with the internal IP:

Nmap scan report for 10.77.77.6
Host is up (0.0013s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
389/tcp open ldap
443/tcp open https
465/tcp open smtps
587/tcp open submission
873/tcp open rsync
993/tcp open imaps
995/tcp open pop3s
5222/tcp open xmpp-client
7025/tcp open vmsvc-2
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds

I need to open some Ports on another Server. Internal IP 10.77.77.7. And another external IP.

I thought if i just do another NAT statement, it will work:

ip nat inside source static 10.77.77.7 PUBLICIP1 route-map SDM_NAT_TEST

The network was configured by another guy, not by me, i'm completely new to this system. I need to forward the ports from the outside ip to the internal. I can reach all ports from the inside, but not from the outside.

Question two: Where to start? I read a statement like this will work:

ip nat inside source static tcp 10.77.77.7 9999 PUBLICIP1 9999 extendable

But here I only can open one port and I need about 10.

Thanks for reading. I can post the whole configuration if someone needs it, but it is long and a mess (I think).

Labels:
0 Helpful
1 Reply 1

Alexey Nesterkin
Level 1
Level 1

‎06-01-2016 03:29 AM

Good day

You can use this for each port

ip nat inside source static tcp 10.77.77.7 9999 PUBLICIP1 9999 extendable

For example, sometimes this function is used with one PUBLICIP:

ip nat inside source static tcp 10.77.77.7 80 PUBLICIP1 80 extendable

ip nat inside source static tcp 10.77.77.8 80 PUBLICIP1 8080 extendable

Best regards, Alexey Nesterkin.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card