Destination Port Translation

Answered Question
Dec 10th, 2007
User Badges:

Hi


I have only one usable public IP and i want to share multiple hosts inside the network on internet....


basically i want to forward the port 80 requests to host A and port 5900 requests to host B and i want to use only on public IP for both of the hosts....



can anybody guide me and provide me syntax for the same

??

Correct Answer by Jon Marshall about 9 years 4 months ago

Hi


On a router where


host A = 192.168.5.1

host B = 192.168.5.10


Public ip address = 195.166.72.1


ip nat inside source static tcp 192.168.5.1 80 195.166.72.1 80

ip nat inside source static tcp 192.168.5.10 5999 195.166.72.1 5999


On a an ASA/Pix v7.x firewall it's essentially the same except the addresses re swapped around eg


static (inside,outside) tcp 195.166.72.1 80 192.168.5.1 80

static (inside,outside) tcp 195.166.72.1 5999 192.168.5.10 5999


Note on ASA/Pix if the public IP address you are using is the actual IP address assigned to the the outside interface you need to modfiy the statics


static (inside,outside) tcp interface 80 192.168.5.1 80

static (inside,outside) tcp interface 5999 192.168.5.10 5999


HTH


Jon




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 12/10/2007 - 23:10
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

What type of device are you doing this on - router or firewall ?

mohammednw Mon, 12/10/2007 - 23:20
User Badges:

I am doing it on router 2801



i want to know if this can also be done firewall since it can be helpful...




Correct Answer
Jon Marshall Mon, 12/10/2007 - 23:29
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


On a router where


host A = 192.168.5.1

host B = 192.168.5.10


Public ip address = 195.166.72.1


ip nat inside source static tcp 192.168.5.1 80 195.166.72.1 80

ip nat inside source static tcp 192.168.5.10 5999 195.166.72.1 5999


On a an ASA/Pix v7.x firewall it's essentially the same except the addresses re swapped around eg


static (inside,outside) tcp 195.166.72.1 80 192.168.5.1 80

static (inside,outside) tcp 195.166.72.1 5999 192.168.5.10 5999


Note on ASA/Pix if the public IP address you are using is the actual IP address assigned to the the outside interface you need to modfiy the statics


static (inside,outside) tcp interface 80 192.168.5.1 80

static (inside,outside) tcp interface 5999 192.168.5.10 5999


HTH


Jon




Actions

This Discussion