Re: PAT Configurattion Question

tpschris1 · ‎10-13-2010

I couldn't find this thread anywhere else, so I'm going to give this a shot.

I am trying to configure an MPLS line for a secondary backup. However only one IP address was provided from what I'll refer for simplicity as the ISP.

I have successfully configure the line for PAT so that any end device at my end can access whatever resources they need just fine. However there are some instances that the ISP will need to initiate a connection to some of our servers through some specific port numbers.

I have so far this following command issued onto the router for PAT one-to-one mapping:

ip nat inside source static tcp 192.168.0.5 302 171.68.1.1 81 extendable 

 Aside from this command and possibly adding an extendable access-list, could there be anything I might have missed to get this setup and running?

 Thanks for the help.

Jon Marshall · ‎10-13-2010

tpschris1 wrote:
I couldn't find this thread anywhere else, so I'm going to give this a shot.
I am trying to configure an MPLS line for a secondary backup. However only one IP address was provided from what I'll refer for simplicity as the ISP.
I have successfully configure the line for PAT so that any end device at my end can access whatever resources they need just fine. However there are some instances that the ISP will need to initiate a connection to some of our servers through some specific port numbers.
I have so far this following command issued onto the router for PAT one-to-one mapping:
ip nat inside source static tcp 192.168.0.5 302 171.68.1.1 81 extendable 

 Aside from this command and possibly adding an extendable access-list, could there be anything I might have missed to get this setup and running?

 Thanks for the help.

No, that should do it. Just to clarify the above, the ISP connects to 171.68.1.1 on port 81 and you redirect to 192.168.0.5 on porrt 302. Is that what you are trying to achieve ?

Jon

tpschris1 · ‎10-13-2010

Jon,

Thanks for the help. And yes my intent was to have the"ISP" initiate at their end with their IP that would point to a server on our end.

More specifically, we have multiple servers so would the same command be used with just different ports numbers pointing to the mapped out server?

It would look something like this, and please excuse the horrific example:

ip nat inside source static tcp 192.168.0.5 302 171.68.1.1 81 extendable
                                   
                                192.168.0.6 302 171.68.1.1 82

                                192.168.0.7 302 171.68.1.1 83

                                192.168.0.8 302 171.68.1.1 84


 Thanks.

 Chris

Jon Marshall · ‎10-13-2010

Yes that example above should work fine.

Jon