Solved: Re: Port Forwarding

dpatkins · ‎06-04-2009

I am working on a scenario with some private addressing behind a router. WE would like to allow a user to RDP to two servers behind the router that are privately addressed and we do not want to statically route the address space.

Is there a way to do port forwarding on a Cisco 1841? If so, would the user hten just RDP to the router and then have the router pass the ports to the server? Since there are two servers, would we need port 3389 and then create another for the second server?

Any help would be appreciated.

Dwane

Jon Marshall · ‎06-04-2009

Dwane

You are either going to need

1) 2 public IP's, one of which could be the external interface address on the router

OR

2) You could use the external interface for both but you would need RDP to be running on 2 different ports.

So you have 2 internal servers = 192.168.5.10 & 192.168.5.11

external interface on router = fa0/1

Config for 1 - (assuming you are using the interface address for one of the servers)

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 195.17.17.1 3389

** Obviously you need to own the 195.17.17.1 address and it needs to be routed to the outside interface of your 1841 by your ISP

config for 2

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 interface fa0/1 3390

For both configs you need

int fa0/0

ip nat outside

int fa0/0

ip nat inside

where fa0/0 is the interface that connects to 192.168.5.x network.

One last point. You don't necessarily have to NAT out both. If you have no spare public IP's and you can't change the port just setup this

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

and then have the user RDP from that server to the other server.

Jon

View solution in original post

Jon Marshall · ‎06-04-2009

Dwane

You are either going to need

1) 2 public IP's, one of which could be the external interface address on the router

OR

2) You could use the external interface for both but you would need RDP to be running on 2 different ports.

So you have 2 internal servers = 192.168.5.10 & 192.168.5.11

external interface on router = fa0/1

Config for 1 - (assuming you are using the interface address for one of the servers)

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 195.17.17.1 3389

** Obviously you need to own the 195.17.17.1 address and it needs to be routed to the outside interface of your 1841 by your ISP

config for 2

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 interface fa0/1 3390

For both configs you need

int fa0/0

ip nat outside

int fa0/0

ip nat inside

where fa0/0 is the interface that connects to 192.168.5.x network.

One last point. You don't necessarily have to NAT out both. If you have no spare public IP's and you can't change the port just setup this

ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

and then have the user RDP from that server to the other server.

Jon

dpatkins · ‎06-04-2009

Great! Thank you very much.