cisco 871 how to adres a host on the inside

Unanswered Question
Dec 2nd, 2008

i want to let ip a.a.a.a from the internet do remote desktoppinmg via port b on computer c.c.c.c on the inside.

how do i do that

acces rule ?

nat rule ?

port association aplication ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 12/02/2008 - 06:23

First create a NAT-

ip nat inside source static tcp c.c.c.c 3389 interface Ethernet1 3389

Ethernet1 in this case is the outside interface. Yours maybe different (eg dialer0)

Next create an ACL to allow access to the NAT-

ip access-list extended outside_in

permit tcp host a.a.a.a host {ethernet1 IP] eq 3389

Finally we apply it to the outside interface-

interface Ethernet1

ip access-group outside_in in

Hope that helps.

Collin Clark Thu, 12/04/2008 - 13:02

Are you running CBAC on the router? Do you already have an ACL on the outside interface?

jillesmiedema Fri, 12/12/2008 - 14:03

no cbac no acl

i want to let wan ip a.a.a.a port b from the internet do remote desktoppinmg via port b on computer c.c.c.c on the inside because i want to rdt all my computer on the internal network . so each interanl host has an unique rdt tpc port

on a simple router from alcatel or siemens all this qiute simple

jillesmiedema Sun, 12/14/2008 - 07:27

i understand the command is to log in from wan

to host cccc with port bbbb

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

but the logic of cisco fails me.

in sdm i have to fill in translating from adres the host on the inside , but i make the call from outside wan.

the command sentence also speaks of source adres but my logic says the source adres is that of the host that trys to make connection with the inside adres.

what do i miss ?

jillesmiedema Sun, 12/14/2008 - 12:06

next problem

i have an public ip adres aaaa , then an adslmodem with inside adres ccc138 the fa4 of the cisco is connected to it with ip cccc01.

can i make acces rules with public ip adresses on the outside lan ccc0 of my cisco router because he sees only the gateway ccc138.

should i pass the public ip adres to my cisco router through the adslmodem to make acces lists on basis of public ip adresses of hosts i want to allow ?

Collin Clark Mon, 12/15/2008 - 06:06

A couple of things I noticed right away-

Your default gateway points to your interface, it should point to another IP or out the VLAN 1 interface.

Next you'll need the NAT statement to allow the translation from outside to inside.

ip nat inside source static tcp 10.10.10.5 80 interface vlan1 80

Next create the access list to allow the traffic.

access-list 100 permit tcp any any eq </p><p>80

Finally apply the access list to the outside interface (VLAN 1 in your case)

interface vlan 1</p><p> ip access-group 100 in</p><p>

I'm afraid I don't use ASDM so I can't be much help there.

jillesmiedema Tue, 12/16/2008 - 04:04

wat rule are you referring to with : my default gateway points to your ionterface it should point to another ip or out ?

Collin Clark Tue, 12/16/2008 - 06:09

ip route 0.0.0.0 0.0.0.0 10.10.10.138

10.10.10.138 is also the IP address of VLAN1

It should be something like this-

ip route 0.0.0.0 0.0.0.0 10.10.10.1

or

ip route 0.0.0.0 0.0.0.0 vlan 1

jillesmiedema Tue, 12/16/2008 - 08:22

but vlan1 is my internal network

and if i chance it like you mention then i lose internat connection from vlan1

10.10.10.138 is the ip adres of my adsl modem

10.10.10.1 is the ip adres of my cisco external interface

Actions

This Discussion