NAT based on the Source IP

Hello,

I need some help.

I need to create a new NAT rule on my Cisco, but I only want to allow inbound connections (from the outside) from my remote server only: 1.2.3.4
A basic rule would be:
ip nat inside source static tcp 192.168.0.99 9200 interface GigabitEthernet0/1 9200
But I don't want to open TCP/9200 to everyone.
How can I allow only my remote server?

Should I define a new list this way:

access-list 100 permit ip 1.2.3.4 255.255.255.255 any
ip nat inside source list 100
ip nat inside source static tcp 192.168.0.99 25 interface FastEthernet0/2 9200

Is it correct?

I don't want to disturb existing rules and the production environment.

Other NAT rules have no restrictions.

Thank you

4 Replies

AymanMunassar
Level 1

As I understood your post, it is all about connecting from the remote server, 1.2.3.4.

Anyway, if that is correct, first you need to instantiate an access list.

access-list 111 permit ip host 1.2.3.4 any

Finally, you need to apply it to the telnet session in question.

line vty 0 4
 ! apply the ACL defined above (111) to inbound VTY sessions
 access-class 111 in


Yes, connecting from the remote server, but to an inside server running a service on tcp/9200.

Try this one

access-list 111 permit tcp host 1.2.3.4 eq telnet 192.168.0.99 0.0.0.0 eq 9200

After the access list, should I use NAT?

Server 1.2.3.4 is remote, on the internet, and 192.168.0.99 is local.
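The restriction the thread is circling around, as an added example that is not from the original post or any of the replies: on IOS the static port forward itself cannot be limited to one source, and a VTY access-class only protects the router's own telnet/SSH logins, not traffic forwarded to 192.168.0.99. The filter belongs on the outside interface as an inbound ACL. For outside-to-inside traffic IOS evaluates the inbound access list before NAT, so the ACL must match the public (outside global) address, not 192.168.0.99. Assumptions here: GigabitEthernet0/1 is the outside interface with public address 203.0.113.10, it currently has no inbound ACL, and the ACL name OUTSIDE-IN is arbitrary. Note also that masks in IOS access lists are wildcard masks, so "1.2.3.4 255.255.255.255" as in the question would match every source; "host 1.2.3.4" (wildcard 0.0.0.0) is what matches only that server.

```cisco
! Added example, not from the thread. Assumed: Gi0/1 is the outside
! interface with public address 203.0.113.10 and no existing inbound ACL.
!
! Static port forward, unchanged from the question.
ip nat inside source static tcp 192.168.0.99 9200 interface GigabitEthernet0/1 9200
!
! Inbound filter on the outside interface. IOS checks this ACL before the
! outside-to-inside translation, so the destination is the public address.
! "host 1.2.3.4" = wildcard 0.0.0.0; a mask of 255.255.255.255 would match
! any source.
ip access-list extended OUTSIDE-IN
 permit tcp host 1.2.3.4 host 203.0.113.10 eq 9200
 deny   tcp any host 203.0.113.10 eq 9200 log
 permit ip any any
!
interface GigabitEthernet0/1
 ip nat outside
 ip access-group OUTSIDE-IN in
```

The closing "permit ip any any" keeps every other inbound flow, including the existing unrestricted NAT rules, behaving exactly as before; only TCP/9200 to the public address is narrowed to 1.2.3.4. If Gi0/1 already carries an inbound ACL, add the two 9200 lines near the top of that ACL rather than replacing it. If the outside address is assigned dynamically, "host 203.0.113.10" can become "any" as long as nothing else on that interface listens on 9200. Check hit counters with "show access-lists OUTSIDE-IN" and the translation with "show ip nat translations" after a test connection from 1.2.3.4 and from another host.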