Forward ALL ports to other device?

Unanswered Question
Feb 2nd, 2007

Hi,

i like to place a firewall device behind my Cisco 800 series (836 IOS 12.4). I like to forward all ports and protocols to this firewall. In the Cisco are commands like these: "ip nat inside source static tcp 10.0.0.201 25 interface Dialer1 25".

Is it possible to use a command simmular to the one above to forward all ports and protocols from Dialer1 to 10.0.0.201 ??

Regards

Patrick

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Fri, 02/02/2007 - 08:37

One thing to be mindful about. Since your NATing the IP that is assigned to your dialer interface, you will not be able to manage the device from the outside.

progress Fri, 02/02/2007 - 08:56

Okay, sounds easy. I will try this tommorow morning. Thanks allot.

progress Sat, 02/03/2007 - 08:49

Okay, this works, all ports are forwarded to the device on the inside (10.0.0.201). Now i've also tried to use the firewall behind the Cisco as VPN device. But i think the Cisco is not forwarding the IPSEC packages to the 10.0.0.201 device.

Is there a possibility to configure the Cisco to forward also the IPSEC packages?

Regards,

Patrick

mschooley Fri, 02/02/2007 - 08:44

i'm assuming you are negotiating your address on dialer 0. are you going to readdress you internal network? right now your are forwarding smtp traffic that hits dialer1 to 10.0.0.201. if you add a fw it is going to have to have an internal interface and an external inteface unless it is one that supports a "drop-in" mode where it actually acts like a bridge. If no drop-in mode, you could put a static nat entry on the fw for 10.0.0.201 ext for smtp and map it to the new ip address of the internal mail server. Thats actually the easy part, there is probably a statement that looks like ip nat inside source list (or routemap) interface dialer0 overload. That is for all outbound traffic. But I guess you could just do nat twice, the firewall would nat all to the outside address of the fw, i.e. 10.0.0.1 and then the router would get it on lets say 10.0.0.2 on fa0/0 and forward it out dialer1 and nat it to the negotiated interface of dailer1. A little cludgy, but would work. The other iption would be to get a range of ip address from your isp and put them on the network between the fw and the router. By the way are you using dynamic dns of some sort or I guess you could have a static ip on dialer1.

progress Fri, 02/02/2007 - 09:31

Yes, i know that the network inside the fw will have a other IP range. I will try the double NAT. It is only temporarily, because in a couple of weeks our new fiber line will arrive.

I'm not using dynamic DNS. I'm not sure if my provider gives static IP's.

Actions

This Discussion