Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
4
Replies

how to direct a wan port to a host

Go to solution
jillesmiedema
Level 1
Level 1

‎12-13-2008 07:02 AM - edited ‎03-06-2019 02:57 AM

i want to direct traffic port aaaa fram the wan interface tot the vlan host bbbb

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-13-2008 12:43 PM

Hello Jilles,

If I understood correctly you want that traffic received on wan interface for a specific TCP or UDP port to be directed to an internal host with a specific ip address.

I suppose you are using NAT you can add a specific statement for this

ip nat inside source static tcp local-ip local-port interface global-port

if you are not using NAT you can use PBR to achieve this

Hope to help

Giuseppe

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to jillesmiedema

‎12-14-2008 11:29 AM

Jilles

Cisco NAT is not always the easiest thing to get the hang of !

The key thing to understand with the static NAT statement is that it is bi-directional ie. it the statement works both ways.

So perhaps thinking of it like this may help -

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

the above tells the router to present the inside address of cccc to the outside as the address on the fa4 interface. Note that inside and outside are relative in that it is purely down to which interfaces you designate as inside and outside.

So what you are telling the router is that if a packet comes from cccc and is destined for the WAN it will be translated to fa4 address. But you are also telling the router that any packet from the WAN coming to the fa4 address should be translated to cccc on the inside.

Key thing to understand is the concept of inside/outside, have a look at this doc which gives a good overview -

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-13-2008 12:43 PM

Hello Jilles,

If I understood correctly you want that traffic received on wan interface for a specific TCP or UDP port to be directed to an internal host with a specific ip address.

I suppose you are using NAT you can add a specific statement for this

ip nat inside source static tcp local-ip local-port interface global-port

if you are not using NAT you can use PBR to achieve this

Hope to help

Giuseppe

0 Helpful

Go to solution
jillesmiedema
Level 1
Level 1
In response to Giuseppe Larosa

‎12-14-2008 07:29 AM

understand the command is to log in from wan

to host cccc with port bbbb

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

but the logic of cisco fails me.

in sdm i have to fill in translating from adres the host on the inside , but i make the call from outside wan.

the command sentence also speaks of source adres but my logic says the source adres is that of the host that trys to make connection with the inside adres.

what do i miss ?

0 Helpful

Go to solution
jillesmiedema
Level 1
Level 1
In response to Giuseppe Larosa

‎12-14-2008 09:18 AM

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

this is the command which works to let an host from wan(=outside) = fastethernet4 to remote desktop on port bbbb on a hostserver cccc on the vlan(=inside).

but the command names the inside adres as source(=originating) but it is a host on the wan which want to connect to the inside host

in the sdm screen the original adres is cccc, the thranslated adres the ipadres of the cisco router on the ethernet4 interface.

so in my logic the source adres or originating adres is the ip adres of the wan host because he wants to communicate with the server.

so why is the original inside adres the source adres.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to jillesmiedema

‎12-14-2008 11:29 AM

Jilles

Cisco NAT is not always the easiest thing to get the hang of !

The key thing to understand with the static NAT statement is that it is bi-directional ie. it the statement works both ways.

So perhaps thinking of it like this may help -

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

the above tells the router to present the inside address of cccc to the outside as the address on the fa4 interface. Note that inside and outside are relative in that it is purely down to which interfaces you designate as inside and outside.

So what you are telling the router is that if a packet comes from cccc and is destined for the WAN it will be translated to fa4 address. But you are also telling the router that any packet from the WAN coming to the fa4 address should be translated to cccc on the inside.

Key thing to understand is the concept of inside/outside, have a look at this doc which gives a good overview -

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card