Port FWD

Unanswered Question
May 20th, 2009

Hello all.

I'm sure I'm missing something...but I can not understand what...

I have a port redirection problem. I have a CISCO router configured as shown in the conf file below.

I'm trying to configure a port forward to an internal server on port 1723 with the following command:

ip nat inside source static tcp 192.168.5.11 1723 interface Serial2/0 1723

The command is accepted without error, but the port redirection does not work. I tried to add a "permit tcp any any" but no luck.

Any ideas about what I'm doing wrong?

Thanks,

Cips

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname c1841
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key key1234 address xx.xx.46.241
!
!
crypto ipsec transform-set key1234 esp-3des esp-sha-hmac
!
crypto ipsec profile key1234
 set transform-set key1234
!
!
!
!
!
interface Loopback10
 ip address xx.xx.243.53 255.255.255.255
!
interface Loopback11
 ip address xx.xx.243.54 255.255.255.255
!
interface Tunnel10
 description VPN-->OUT
 ip address 10.0.0.2 255.255.255.252
 tunnel source Loopback11
 tunnel destination xx.xx.46.241
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile key1234
!
interface FastEthernet0/0
 ip address 192.168.5.250 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address xx.xx.246.222 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation frame-relay IETF
 frame-relay map ip xx.xx.246.221 20 broadcast IETF
 no frame-relay inverse-arp
!
ip route 0.0.0.0 0.0.0.0 Serial2/0 xx.xx.246.221
ip route 192.168.0.0 255.255.255.0 Tunnel10
!
!
ip http server
no ip http secure-server
ip nat pool internet xx.xx.243.49 xx.xx.243.50 netmask 255.255.255.252
ip nat inside source list nat pool internet overload
!
ip access-list extended nat
 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.5.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 logging synchronous
 login
!
scheduler allocate 20000 1000
end

Brian Meade Wed, 05/20/2009 - 07:44

So it looks like you're trying to forward TCP port 1723 from an internal IP address to an outside interface, is this correct?

If so, you should use this command:

ip nat outside source static tcp 192.168.5.11 1723 interface Serial2/0 1723

If you're trying to forward that port from the outside interface to the internal IP address, which sounds more probable, your command should be:

ip nat inside source static tcp interface Serial2/0 1723 192.168.5.11 1723

Brian Meade Wed, 05/20/2009 - 07:50

Actually here is the command for Situation B:

#ip nat outside source static tcp xx.xx.246.222 1723 192.168.5.11 1723

ciscocips Thu, 05/21/2009 - 01:17

Thanks so much for the reply.

I'm actually trying to redirect port 1723 from the external interface to an internal server. All the samples I found were using "ip nat inside"... but I probably did not read the sample carefully enough.

Thanks,

Brian Meade Thu, 05/21/2009 - 06:47

No problem, I think I may have messed up when specifying inside and outside. For your situation, this would be the appropriate command:

ip nat inside source static tcp xx.xx.246.222 1723 192.168.5.11 1723
