07-08-2018 03:02 PM - edited 03-08-2019 03:36 PM
Hello,
I need some help.
I need to create a new NAT rule on my Cisco but I only want to allow inbound connections (from the outside) from only my remote server: 1.2.3.4
A basic rule would be:
ip nat inside source static tcp 192.168.0.99 9200 interface GigabitEthernet0/1 9200
But I don't want to open TCP/9200 to everyone.
How can I allow only my remote server?
Should I define a new list this way:
access-list 100 permit ip 1.2.3.4 255.255.255.255 any
ip nat inside source list 100
ip nat inside source static tcp 192.168.0.99 25 interface FastEthernet0/2 9200
Is it correct?
I don't want to disturb existing rules and production environment.
Other NAT rules have no restrictions.
Thank you
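One thing worth checking in the proposed list above: in an IOS access-list the second field after the address is a wildcard mask, not a subnet mask (a 0 bit must match, a 1 bit is ignored), so `1.2.3.4 255.255.255.255` matches every source address rather than just the one server, while `host 1.2.3.4` (or `1.2.3.4 0.0.0.0`) matches only that host. The following Python snippet is an added illustration, not part of this thread or any Cisco tool; it implements IOS wildcard matching for a source spec so the two forms can be compared on constructed addresses.

```python
import ipaddress

def parse_source(spec):
    """Parse an IOS ACL address spec into (address_int, wildcard_int).

    Accepts 'any', 'host A.B.C.D', or 'A.B.C.D W.X.Y.Z' where the second
    field is a WILDCARD mask: a 0 bit must match, a 1 bit is ignored.
    """
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    if len(parts) == 2 and parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0
    if len(parts) == 2:
        return (int(ipaddress.IPv4Address(parts[0])),
                int(ipaddress.IPv4Address(parts[1])))
    raise ValueError(f"unrecognised address spec: {spec!r}")

def matches(spec, addr):
    """True if addr matches the spec under IOS wildcard semantics."""
    net, wild = parse_source(spec)
    care = ~wild & 0xFFFFFFFF            # bits that must match exactly
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def matched_hosts_count(spec):
    """How many addresses the spec matches: 2 ** (ones in the wildcard)."""
    _, wild = parse_source(spec)
    return 1 << bin(wild).count("1")

# Constructed comparison: the entry from the question versus the host form.
OP_ENTRY = "1.2.3.4 255.255.255.255"   # wildcard of all ones: matches anything
HOST_ENTRY = "host 1.2.3.4"            # same as "1.2.3.4 0.0.0.0": one host

if __name__ == "__main__":
    for spec in (OP_ENTRY, HOST_ENTRY):
        print(f"{spec!r}: 1.2.3.4 -> {matches(spec, '1.2.3.4')}, "
              f"9.9.9.9 -> {matches(spec, '9.9.9.9')}, "
              f"{matched_hosts_count(spec)} address(es) match")
```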
07-08-2018 08:13 PM
As I understood your article, it is all about connecting from the remote server 1.2.3.4.
Anyway, if that is correct, first you need to instantiate an access list.
access-list 111 permit ip host 1.2.3.4 any
Finally, you need to apply to the telnet session in question.
line vty 0 4
access-class 111 in
07-08-2018 08:18 PM
Yes, connecting from the remote server, but to an inside server running a service on tcp/9200.
07-08-2018 08:55 PM
Try this one
access-list 111 permit tcp host 1.2.3.4 eq telnet 192.168.0.99 0.0.0.0 eq 9200
07-08-2018 09:18 PM
After the access list, should I use NAT?
Server 1.2.3.4 is remote and on internet and 192.168.0.99 is local.