cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
4600
Views
0
Helpful
10
Replies
Highlighted
Beginner

How to Port Forward on Cisco 1900 Router?

We have a cisco 1900 router. I m new to cisco routers commands, recently started learning. I need to forward all requests coming from port 1723 from outside to inside server ip. I check "show running-config" and I see already forwarded ports and ip like below,

ip nat pool onlyone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.252

ip nat inside source list 1 pool onlyone overload

ip nat inside source static tcp 192.168.0.xx 22 xxx.xxx.xxx.xxx 22 extendable

ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 80 extendable

ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 96 extendable

ip nat inside source static tcp 192.168.0.xx 443 xxx.xxx.xxx.xxx 443 extendable

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is public facing IP.

so what is the command to add "ip nat inside source static tcp 192.168.1.xx 1723 <public-ip> 1723 extendable" to currnetly working settings?

I am currently reading below but no luck so far...

http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/software_configuration.pdf

I have found this

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic7

interface ethernet 0 
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface serial 0
 ip address 200.200.200.5 255.255.255.252
 ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
!--- Static NAT command that states any packet received in the inside 
!--- interface with a source IP address of 172.16.10.8:8080 is 
!--- translated to 172.16.10.8:80. 

How do I know if "interface ethernet 0" and "interface serial 0" will work for me?

10 REPLIES 10
Highlighted
Advisor

What is the address of the internal server that you want to forward this port to? You would put that in your config:

ip nat inside source static tcp 1723 1723

What is your WAN interface and what is your LAN interface? The WAN interface, where your public address resides, will have "ip nat out" and the LAN address, where your internal address resides, needs to have "ip nat inside".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Highlighted

What is the command to find WAN & LAN interfaces?

Also, after logging into the router, do i just execute below?

"ip nat inside source static tcp 1723 1723"

Highlighted

I think it's best if you post your config. With the question that you're asking, I'm assuming that the config that you posted is not yours. The wan side is going to be where your public address resides, and the lan side is typically what your hosts use for a default gateway. You need a full nat config, and the line that I gave you won't work alone.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Highlighted

No the config file is not mine, and I m recently learning cisco router setup. I understand the Lan and Wan side. What I need is the set of instructions to do this simple forwarding.

Highlighted

I've explained it to you, but maybe someone else can help.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Highlighted

Thank you, the link was helpful.

This seems to be internal interface

"GigabitEthernet0/0 is up, line protocol is up"

And this is for the public ip

GigabitEthernet0/1 is up, line protocol is up

Highlighted

So, going back to my original response. You enable nat outside on the outside (wan) interface and you enable nat inside (lan) on the internal interface. You must know which interface you're working with or it won't work.

A basic nat config would be:

int g0/0

ip nat in

ip address 192.168.1.1 255.255.255.0

int g0/1

ip nat out

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface g0/1 overload

That's just for outbound. For inbound you would map a static as I stated above.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Highlighted

the router is already setup and working for 2 years. all i need to do  add a simple port forward from public ip to internal server. Following  make sense to accomplish what i m trying to do. Lets assume 1.2.3.4 is  my office public static ip and 192.168.0.10 is my internal server. All  requests will come from some Ip lets say 25.24.23.22:1723 to  1.2.3.4:1723 and router will forward this request to 192.168.0.10:1723.  This is all i m trying to accomplish. I m not setting up a new router.  Some rules are already there. Therefore below seem to be what i need. All I need is how to identify "interface ethernet 0" & "interface serial 0". I understand the inside and outside details. All i have to find is how to replace ethernet 0 and serial 0 with what i have in my router setup.

interface ethernet 0 
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface serial 0
 ip address 200.200.200.5 255.255.255.252
 ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
!--- Static NAT command that states any packet received in the inside 
!--- interface with a source IP address of 172.16.10.8:8080 is 
!--- translated to 172.16.10.8:80. 
Highlighted

Hi,

If you still don't understand what to do with all the helpful and correct answers you received then maybe you should think about asking someone else to do this configurationfor you.This may sound a harsh remark but honestly the answer has been given to you by John 4 times and you are still asking the same question again and again.

We are here to help people but people must make the effort to explain correctly their problems( we are not fortune tellers), do what we tell them to do(otherwise what's the purpose of asking for help if you don't listen to the helpers) and read the replies and also not wait to be spoonfed everything from here without doing at least minimal research.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted

Hello

"All I need is how to identify "interface ethernet 0" & "interface  serial 0". I understand the inside and outside details. All i have to  find is how to replace ethernet 0 and serial 0 with what i have in my  router setup"

interface ethernet 0 = This will be your LAN interface - So the inteface connecting to you inside network -  you apply IP NAT INSIDE

serial 0 -  This will be your WAN interface - So the interface connecting to you ISP or OUTSIDE network -  you apply IP NAT OUTSIDE

Then apply the configuration as suggested by JOHN & ALAIN

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Content for Community-Ad