Two VLANs port forwarding to one, problem

Answered Question
Jul 14th, 2008

Hi all


This is my first ever Cisco router, so forgive me if this is a simple matter, but I have spent the entire weekend trying to figure this out - with no luck.


My employer has provided me with a Cisco 871W router for my home office.


The router is pre-configured with two VLANs and BVIs; VLAN1 (BVI1) and VLAN2 (BVI2) for home and office connection on two different subnets (192.168.1.0 and 192.168.0.0).


My office connection is secured with IPSec or something similar - I do not have that much insight into that aspect.


The configuration works for normal internet access (www, mail etc) on both networks, and the tunneling to my workplace works fine too.


My problem is that I would like to open up some ports for gaming etc. on the "home"-part of the configuration, but I cannot seem to get that to work.


The attached configuration is my current running configuration, which contains some of my trials on getting this to work, so it might look a bit odd.


If anyone could help me, I would appreciate it.


Regards

Jesper Lauridsen



Correct Answer by jamesl0112 about 8 years 7 months ago

Hi,


By the looks of it, you have an extended access list called 'outside_access_in' applied to your outside interface fa4.


You would have to add a rule to this access list allowing the port in question.


You would then need a static NAT entry that would map the port to the internal host.


For instance, if you had a rule to allow port 80 like this:


permit tcp any any eq www


You would also need a NAT entry like this:


ip nat inside source static tcp 192.168.0.10 80 interface FastEthernet4 80


Assuming that 192.168.0.10 was the client PC.
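
An added example, not part of the answer above or of the poster's attached configuration: a Python check that every static NAT port forward in an IOS config has a matching permit in the access list named in the answer and points at the home subnet. The sample config is constructed, and treating 192.168.1.0/24 as the home subnet is an assumption.

```python
import ipaddress
import re

# Constructed sample config, not the poster's attachment. Assumption:
# home VLAN is 192.168.1.0/24 and office VLAN is 192.168.0.0/24.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip access-group outside_access_in in
 ip nat outside
ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet4 80
ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet4 3074
ip nat inside source static tcp 192.168.0.20 8080 interface FastEthernet4 8080
ip access-list extended outside_access_in
 permit tcp any any eq www
 permit tcp any any eq 8080
 deny ip any any
"""

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
PORT_NAMES = {"www": 80, "smtp": 25, "ftp": 21, "telnet": 23}  # IOS keywords
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$", re.M)
ACE_RE = re.compile(r"^permit (tcp|udp) any any eq (\S+)$")


def permitted_ports(config, acl_name):
    """Return {(proto, port)} opened by 'permit <proto> any any eq <port>' in acl_name."""
    ports, in_acl = set(), False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line starts or ends the ACL block
            in_acl = line.strip() == f"ip access-list extended {acl_name}"
        m = ACE_RE.match(line.strip())
        if in_acl and m:
            port = PORT_NAMES.get(m.group(2), m.group(2))
            if str(port).isdigit():  # skip port keywords this example does not map
                ports.add((m.group(1), int(port)))
    return ports


def audit_forwards(config, acl_name="outside_access_in"):
    """Pair each static NAT forward with its ACL rule and list the problems found."""
    allowed = permitted_ports(config, acl_name)
    findings = []
    for m in NAT_RE.finditer(config):
        proto, host, _inside_port, _ifname, outside_port = m.groups()
        # The inbound ACL is checked before NAT, so it sees the outside port.
        if (proto, int(outside_port)) not in allowed:
            findings.append((host, proto, int(outside_port), "no matching permit in ACL"))
        if ipaddress.ip_address(host) not in HOME_NET:
            findings.append((host, proto, int(outside_port), "target is outside the home subnet"))
    return findings
```

Running `audit_forwards(SAMPLE_CONFIG)` reports the UDP forward that has no permit and the forward whose target sits on the office subnet.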

jamesl0112 Tue, 07/15/2008 - 00:02
