I have a C800-router that connects a local office LAN to internet. It?s configured like this
ip address <yadayada>
ip access-group Outside_ACL_in2 in
ip nat outside
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.16.1 255.255.255.0
ip access-group Inside_ACL_in in
ip nat inside
ip nat inside source route-map NAT_RMAP_1 interface Dialer0 overload
(route map NAT_RMAP_1 is an ACL for split-tunneling, denying traffic going into a VPN-tunnel, everything else is nat:ed)
Now: I need to allow connections from internet (tcp/3389 and tcp/5900) to the outside ip address to be translated and forwarded to the inside host 192.168.16.100.
I am more used to pix/asa:s, and there I should simply add a few static and permit the traffic in the outside acl.
But, how do I do this in IOS?
Thanks for your help!
These are equivalent to 'statics' on PIX/ASA.
ip nat inside source static tcp 192.168.16.100 3389 3389
ip nat inside source static tcp 192.168.16.100 5900 5900
You will still need to give access via the ACL.
HTH and please rate.