cisco 871 how to adres a host on the inside

jillesmiedema · ‎12-02-2008

i want to let ip a.a.a.a from the internet do remote desktoppinmg via port b on computer c.c.c.c on the inside.

how do i do that

acces rule ?

nat rule ?

port association aplication ?

Collin Clark · ‎12-02-2008

First create a NAT-

ip nat inside source static tcp c.c.c.c 3389 interface Ethernet1 3389

Ethernet1 in this case is the outside interface. Yours maybe different (eg dialer0)

Next create an ACL to allow access to the NAT-

ip access-list extended outside_in

permit tcp host a.a.a.a host {ethernet1 IP] eq 3389

Finally we apply it to the outside interface-

interface Ethernet1

ip access-group outside_in in

Hope that helps.

jillesmiedema · ‎12-04-2008

i dont know but i dont have internet acces after applyin these rules ?

Collin Clark · ‎12-04-2008

Are you running CBAC on the router? Do you already have an ACL on the outside interface?

jillesmiedema · ‎12-12-2008

no cbac no acl

i want to let wan ip a.a.a.a port b from the internet do remote desktoppinmg via port b on computer c.c.c.c on the inside because i want to rdt all my computer on the internal network . so each interanl host has an unique rdt tpc port

on a simple router from alcatel or siemens all this qiute simple

Collin Clark · ‎12-12-2008

Can you post a config?

jillesmiedema · ‎12-13-2008

the config

jillesmiedema · ‎12-13-2008

frased otherwise

i want port aaaa from the wan directed to host bbbb.

jillesmiedema · ‎12-14-2008

i understand the command is to log in from wan

to host cccc with port bbbb

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

but the logic of cisco fails me.

in sdm i have to fill in translating from adres the host on the inside , but i make the call from outside wan.

the command sentence also speaks of source adres but my logic says the source adres is that of the host that trys to make connection with the inside adres.

what do i miss ?

jillesmiedema · ‎12-14-2008

next problem

i have an public ip adres aaaa , then an adslmodem with inside adres ccc138 the fa4 of the cisco is connected to it with ip cccc01.

can i make acces rules with public ip adresses on the outside lan ccc0 of my cisco router because he sees only the gateway ccc138.

should i pass the public ip adres to my cisco router through the adslmodem to make acces lists on basis of public ip adresses of hosts i want to allow ?

Collin Clark · ‎12-15-2008

A couple of things I noticed right away-

Your default gateway points to your interface, it should point to another IP or out the VLAN 1 interface.

Next you'll need the NAT statement to allow the translation from outside to inside.

ip nat inside source static tcp 10.10.10.5 80 interface vlan1 80

Next create the access list to allow the traffic.

access-list 100 permit tcp any any eq

80

Finally apply the access list to the outside interface (VLAN 1 in your case)

interface vlan 1

ip access-group 100 in

I'm afraid I don't use ASDM so I can't be much help there.

jillesmiedema · ‎12-16-2008

wat rule are you referring to with : my default gateway points to your ionterface it should point to another ip or out ?

Collin Clark · ‎12-16-2008

ip route 0.0.0.0 0.0.0.0 10.10.10.138

10.10.10.138 is also the IP address of VLAN1

It should be something like this-

ip route 0.0.0.0 0.0.0.0 10.10.10.1

or

ip route 0.0.0.0 0.0.0.0 vlan 1

jillesmiedema · ‎12-16-2008

but vlan1 is my internal network

and if i chance it like you mention then i lose internat connection from vlan1

10.10.10.138 is the ip adres of my adsl modem

10.10.10.1 is the ip adres of my cisco external interface