Simple PAT problem
07-24-2008 01:41 AM - edited 03-03-2019 10:52 PM
I'm using a Cisco 877 and I have one global IP address, and an inside local network on 192.168.0.0. I have one machine, 192.168.0.5, which is a VNC server, RDP server, and video recorder which uses a range of ports. I would like to forward all these ports to that one server and was wondering how to configure it. I also have a 10.0.5.0 subnet on the network, which needs access to the internet via the Cisco 877.
Can anyone give me some advice on the best way to set it up?
07-24-2008 07:34 AM
First set up a NAT translation from the outside to the inside server.
ip nat inside source static tcp 192.168.0.5 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.5 5900 interface Dialer0 5900
Do the same for the ports for your video recorder. Add the ports to your outside ACL.
For adding the 10.0.5.0 network, just add the network to your ACL or NAT statement (depends on how it is currently configured). If you're using a different interface, don't forget to add ip nat inside under the interface.
Hope that helps.
07-24-2008 07:45 AM
Would my outside ACL look something like this?
access-list 102 permit tcp any host wanip eq 3389
Do I need to apply that to the interface too using access-group 102 in?
07-24-2008 07:47 AM
Yup, you got it!
07-24-2008 08:06 AM
When I do this, all outbound from 10.0.5.0 and 192.168.0.0 is blocked. How do I resolve this?
07-24-2008 08:17 AM
Blocked? What are you seeing in the logs?
07-24-2008 10:43 AM
I must have my access lists wrong,
I have been entering access-list 101 permit tcp any host 192.168.0.5 eq 3389 which is the internal host instead of...
access-list 101 permit tcp any host dialer0 IP eq 3389
07-24-2008 10:49 AM
It should be the public IP address, or if you get the IP dynamically, you'll have to use the any keyword again.
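Added example, not part of any poster's message: a small Python model of IOS first-match ACL evaluation, assuming the list is applied inbound on Dialer0 with no other entries, showing why the permit-3389-only list drops replies to outbound traffic and why an entry written against 192.168.0.5 never matches. The WAN address, the sample packets and the `established` entry in `ACL_FIXED` are constructed for illustration, and only the `any` and `host` address forms are parsed.

```python
import ipaddress
WAN = "203.0.113.10"  # constructed public address (documentation range)
ip, net = ipaddress.ip_address, ipaddress.ip_network

def take_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tok.pop(0)
    if word == "any":
        return net("0.0.0.0/0")
    if word == "host":
        return net(tok.pop(0) + "/32")
    raise ValueError(f"unsupported address spec: {word}")

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port] [established]'."""
    action, proto, *rest = line.split()[2:]
    ace = {"action": action, "proto": proto, "dport": None, "established": False}
    ace["src"], ace["dst"] = take_addr(rest), take_addr(rest)
    while rest:
        word = rest.pop(0)
        if word == "eq":
            ace["dport"] = int(rest.pop(0))
        elif word == "established":
            ace["established"] = True
        else:
            raise ValueError(f"unsupported keyword: {word}")
    return ace

def evaluate(acl, pkt):
    """First match wins, no match is denied; 'established' needs TCP ACK or RST."""
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if ip(pkt["src"]) not in ace["src"] or ip(pkt["dst"]) not in ace["dst"]:
            continue
        if ace["dport"] is not None and pkt["dport"] != ace["dport"]:
            continue
        if ace["established"] and not {"ACK", "RST"} & pkt["flags"]:
            continue
        return ace["action"]
    return "deny"  # implicit deny at the end of every IOS ACL

ACL_THREAD = [f"access-list 102 permit tcp any host {WAN} eq 3389"]
ACL_INSIDE_HOST = ["access-list 101 permit tcp any host 192.168.0.5 eq 3389"]
ACL_FIXED = ["access-list 102 permit tcp any any established"] + ACL_THREAD
# Constructed packets as seen inbound on Dialer0, before NAT rewrites the destination
RDP_IN = {"proto": "tcp", "src": "198.51.100.7", "dst": WAN, "dport": 3389, "flags": {"SYN"}}
WEB_REPLY = {"proto": "tcp", "src": "192.0.2.80", "dst": WAN, "dport": 51000, "flags": {"SYN", "ACK"}}
DNS_REPLY = {"proto": "udp", "src": "192.0.2.53", "dst": WAN, "dport": 51001, "flags": set()}
```

`established` is a stateless flag check on TCP only, so UDP replies such as DNS still fall to the implicit deny and need their own entries or stateful inspection.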
07-25-2008 06:45 AM
This is my config. Can you have a look and tell me if it will work?
