Port Forwarding - External to Internal

KWMDIT
Level 1

Sorry if this is very simple, but my Cisco knowledge is dated and I'm not hands on anymore, but needs must at the moment.

 

I have a Cisco 800 series router with a public IP assigned to the dialler interface (call it 1.1.1.1 for this purpose).

 

The router has a VLAN (/24 subnet) assigned and DHCP is handing out addresses to the 4 interfaces on the router.

 

I have a device on port 3 that I need to be able to access from the outside world.  The IP of this device is 2.2.2.2 (for this purpose).

 

I want to lock access to a single external public IP (call it 3.3.3.3 for now).

 

So after that ramble, I want any traffic (on any TCP/UDP ports) coming to the router from an external public IP of 3.3.3.3 to be redirected to the router port 3 (device of which is 2.2.2.2 private IP).

 

I am pretty sure I can do this with access-lists and port forwarding, but I'm far too rusty to grasp it I'm afraid.

 

ip nat outside is already set on the dialler interface, and ip nat outside is set on the internal VLAN that the ports all sit in.


KWMDIT
Level 1

Anyone?

Hello

Sounds like you require port address translation (PAT).
Example: this will allow access to the internal host 2.2.2.2 using the public IP of 3.3.3.3 on TCP port 80 and UDP port 69:

ip nat inside source static tcp 2.2.2.2 80 3.3.3.3 80 
ip nat inside source static udp 2.2.2.2 69 3.3.3.3 69
ip nat inside source static 2.2.2.2  3.3.3.3  < or you can just allow all the ip stack



Kind Regards
Paul
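
Added example, not part of any post in this thread: one way to pair a static port forward with the source restriction the original question asks for, narrowed to a single port (TCP 443, the web GUI mentioned in the thread). The addresses are the thread's placeholders (1.1.1.1 router public IP, 2.2.2.2 internal device, 3.3.3.3 the one permitted external client); the interface names Dialer0 and Vlan1 and the ACL name OUTSIDE-IN are assumptions.

```cisco
! Added example. Assumed names: Dialer0 (outside), Vlan1 (inside),
! ACL OUTSIDE-IN. Addresses are the thread's placeholders.
!
! An inbound ACL on the outside interface is evaluated before NAT
! translates the destination, so the entries match the router's public
! address (1.1.1.1), not the internal address (2.2.2.2).
ip access-list extended OUTSIDE-IN
 ! Only the permitted client may reach the forwarded port.
 permit tcp host 3.3.3.3 host 1.1.1.1 eq 443
 ! Everyone else is refused on that port; "log" records the attempts.
 deny   tcp any host 1.1.1.1 eq 443 log
 ! Leave all other traffic as it was. This ACL restricts the forward
 ! only; it is not a general inbound filter. If Dialer0 already has an
 ! inbound ACL, add the two entries above to that ACL instead.
 permit ip any any
!
! The forward itself: TCP 443 on the public address goes to the device.
! Without the ACL above, this entry is reachable from any source.
ip nat inside source static tcp 2.2.2.2 443 interface Dialer0 443
!
! NAT needs one inside and one outside interface to translate between.
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! Checks from exec mode:
!   show ip nat translations          (static entry for 2.2.2.2:443)
!   show ip access-lists OUTSIDE-IN   (per-entry match counters)
```

The match counters on the permit and deny entries show whether a test connection reached the router at all and, if it did, which source address it arrived from.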

Thank you for the reply.  But no progress I'm afraid.

 

I entered exactly as you stated.  I tried for TCP 443 (as the internal device has a web GUI) and also without to just allow the entire stack as you suggested.

 

My test machine is at home so I use my public IP instead of the 3.3.3.3 in the example, and the internal private IP of the device instead of the 2.2.2.2.  Then open my browser and go to https://1.1.1.1 (where 1.1.1.1 is the public address of the dialler interface on the router).

 

Am I missing something?