Port forwarding on Cisco 28xx

Unanswered Question

We have successfully set up NAT on one of our public IPs.

Internal subnet 10.0.2.x is translated to one single Public IP (from now on named: PUBLIC)

Next thing to do is that we need some specific ports to be forwarded to a specific internal IP. Is that possible without adding a new router?

We want to do this:

Incoming traffic from

PUBLIC : 1000 --> : 1000

PUBLIC : 2000 --> : 1000

Here is config on how the VLAN is set up now (and one more thing there: as far as I can see "access-list extended VLAN2-outbound" is not used, at least not for interface VLAN2, correct?):

interface Vlan2
 ip address
 ip access-group VLAN2-inbound in
 ip nat inside
 ip inspect OUTSIDE_OUT out
 ip virtual-reassembly

ip nat pool vlan2_nat_pool netmask
ip nat inside source list 10 interface FastEthernet0/1 overload

ip access-list standard NAT_VLAN2
 remark SDM_ACL Category=2

ip access-list extended VLAN2-inbound
 remark VLAN2 to router
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123)
 permit udp host eq ntp host eq ntp
 permit udp any any eq bootps
 permit ip any

ip access-list extended VLAN2-outbound
 remark VLAN2 PAT inside to outside
 remark SDM_ACL Category=2
 deny ip host any
 permit ip any

logging trap debugging
access-list 10 permit

Ruben Edna
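
An added example, not part of the original post and not Cisco tooling: a small Python audit that lists which ACLs in an IOS configuration excerpt are defined but never referenced, which is the check the post asks about for VLAN2-outbound. It assumes IOS-style indentation for sub-commands and only looks at `ip access-group` and `ip nat inside source list` references, so an ACL used elsewhere in the full running config (for example in a route-map) would still be reported; the function name and sample variable are hypothetical.

```python
import re

# ACL-relevant lines copied from the post; addresses are absent there too.
POSTED_CONFIG = """\
interface Vlan2
 ip access-group VLAN2-inbound in
 ip nat inside
ip nat inside source list 10 interface FastEthernet0/1 overload
ip access-list standard NAT_VLAN2
 remark SDM_ACL Category=2
ip access-list extended VLAN2-inbound
 remark VLAN2 to router
 permit udp any any eq bootps
ip access-list extended VLAN2-outbound
 remark VLAN2 PAT inside to outside
access-list 10 permit
"""

DEFINE = [
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),  # named ACL
    re.compile(r"^access-list (\d+) "),                          # numbered ACL
]
REFERENCE = [
    re.compile(r"^ip access-group (\S+) (?:in|out)$"),   # interface filter
    re.compile(r"^ip nat inside source list (\S+) "),    # NAT/PAT match list
]

def audit_acls(config: str) -> dict:
    """Report ACLs defined but unreferenced, and referenced but undefined."""
    defined, used = set(), {}
    context = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():      # unindented line starts a new context
            context = line
        for rx in DEFINE:
            if (m := rx.match(line)):
                defined.add(m.group(1))
        for rx in REFERENCE:
            if (m := rx.match(line)):
                used.setdefault(m.group(1), []).append(context)
    return {"unreferenced": sorted(defined - set(used)),
            "undefined": sorted(set(used) - defined),
            "used": used}

if __name__ == "__main__":
    print(audit_acls(POSTED_CONFIG))
```

The result only describes the excerpt it is given, so it should be run against the complete `show running-config` output before any ACL is removed.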
