Here is the situation:
My company has outgrown our current Linksys setup and has recently purchased a Cisco 871w router. We have two servers that need access to the outside world (an email server and a PBX that handles our VoIP). With the Linksys we had set up port forwarding to handle the needed requests. This seems to work fine on the new Cisco router until I need to forward a range of ports for the PBX (UDP 10000 - 20000). Is there a way to do this with the Cisco router?
Alternatively, we have 5 IP addresses from our provider. Would it be easier to set up individual IP addresses for each server and a third for all of our internet traffic?
Any help and/or direction would be much appreciated.
I actually have a similar setup at home using a 2611 router and forwarding port ranges to multiple IPs on the internal network and it works great! My issue is that I have one dynamic IP assigned by my ISP and eventually I will have to manually change the IP for each NAT statement. I wanted to know if there is a way to point to the outside interface instead of using an IP address. I found out that you can use a static NAT statement
"ip nat inside source static tcp 10.0.0.2 22 interface fa0/0 22" instead of
"ip nat inside source static tcp 10.0.0.2 22 72.xxx.xxx.85 22 extendable"
but I cannot find how to point my route-map to the interface to fully resolve this dynamic IP change in the future. My config is listed below, which works great if you have static IPs assigned by your ISP!!! Though I would love some guidance on the dynamic issue if possible. Thanks
P.S. ip nat statements work like numbered access lists and have to be in order or it will not work. I found out the hard way!
ip nat outside
ip nat inside
ip nat inside
ip nat inside source list 1 interface fa0/0 overload
ip nat inside source static tcp 10.0.0.2 22 72.xxx.xxx.85 22 extendable
ip nat inside source static 192.168.1.3 72.xxx.xxx.85 route-map DESKTOP extendable
access-list 1 remark NAT OVERLOAD List
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 100 remark Desktop computer port-forwarding
access-list 100 permit tcp host 192.168.1.3 3389 any
access-list 100 permit tcp host 192.168.1.3 28960 any
access-list 100 permit udp host 192.168.1.3 range 28960 32000 any
route-map DESKTOP permit 10
 match ip address 100
Translating multiple ports isn't very effective in a Cisco router, but you could do what they call a one-to-one NAT. With this you would translate a public IP to a private IP, all ports and protocols. You would then use an access list to restrict what ports can be used. If you do it this way, you will have to use another public for the email server. It would look something like this:
ip nat inside source static 10.10.10.77 188.8.131.52
ip nat inside source static tcp 10.10.10.70 25 184.108.40.206 25
Hope that helps.
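The one-to-one NAT in the last reply exposes every port on the PBX until the access list it mentions is actually applied. The following is an added example, not part of any poster's configuration, showing that access list together with the inspection rule that keeps outbound sessions working. The public addresses 203.0.113.10 and 203.0.113.11, the interface FastEthernet4, and the names OUTSIDE-IN and OUTBOUND are assumptions; the inside addresses and port numbers come from the thread.

```cisco
! Added example. Constructed placeholders: 203.0.113.10 (PBX public IP),
! 203.0.113.11 (mail public IP), FastEthernet4 as the outside interface.
! Inside addresses are the ones used in the reply above.
!
! One-to-one NAT for the PBX, single-port NAT for the mail server
ip nat inside source static 10.10.10.77 203.0.113.10
ip nat inside source static tcp 10.10.10.70 25 203.0.113.11 25
!
! An inbound ACL on the outside interface is checked before NAT
! translates the destination, so it must match the public addresses.
ip access-list extended OUTSIDE-IN
 remark PBX UDP range from the original question
 permit udp any host 203.0.113.10 range 10000 20000
 remark Inbound SMTP to the mail server
 permit tcp any host 203.0.113.11 eq smtp
 remark Drop and log everything else that arrives unsolicited
 deny ip any any log
!
! Stateful inspection of outbound traffic opens temporary return paths,
! so the final deny does not break sessions started from the inside.
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND icmp
!
interface FastEthernet4
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect OUTBOUND out
```

Any other inbound port the PBX needs has to be added as its own permit line above the final deny; `show access-lists OUTSIDE-IN` shows per-line hit counts for checking what is being matched and dropped.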