NAT based on the Source IP

julien.silverston · ‎07-08-2018

Hello,

I need some help.

I need to create a new NAT rule on my Cisco but I only want to allow inbound connection (from the outside) from only my remote server :1.2.3.4
A basic rule would be :
ip nat inside source static tcp 192.168.0.99 9200 interface GigabitEthernet0/1 9200
But I don't want to open TCP/9200 to everyone.
How I can allow only my remote server ?

Should I define a new list this way :

access-list 100 permit ip 1.2.3.4 255.255.255.255 any

ip nat inside source list 100

ip nat inside source static tcp 192.168.0.99 25 interface FastEthernet0/2 9200

Is it correct ?

I don't want to disturb existing rules and production environment.

Others NAT rules have no restrictions

Thank you

AymanMunassar · ‎07-08-2018

As I understood your article, it is all about connecting from remote server, 1.2.3.4

Anyway, if that correct, first you need to instantiate an access list.

access-list 111 permit ip host 1.2.3.4 any

Finally, you need to apply to the telnet session in question.

line vty 0 4

access-class 100 in

julien.silverston · ‎07-08-2018

Yes connecting from remote server but to inside server running service on tcp/9200

AymanMunassar · ‎07-08-2018

Try this one

access-list 111 permit tcp host 1.2.3.4 eq telnet 192.168.0.99 0.0.0.0 eq 9200

julien.silverston · ‎07-08-2018

After the access list I should use a NAT ?

Server 1.2.3.4 is remote and on internet and 192.168.0.99 is local.