Port Forwarding

Answered Question
Jun 4th, 2009
User Badges:

I am working on a scenario with some private addressing behind a router. WE would like to allow a user to RDP to two servers behind the router that are privately addressed and we do not want to statically route the address space.


Is there a way to do port forwarding on a Cisco 1841? If so, would the user hten just RDP to the router and then have the router pass the ports to the server? Since there are two servers, would we need port 3389 and then create another for the second server?


Any help would be appreciated.


Dwane

Correct Answer by Jon Marshall about 7 years 11 months ago

Dwane


You are either going to need


1) 2 public IP's, one of which could be the external interface address on the router


OR


2) You could use the external interface for both but you would need RDP to be running on 2 different ports.


So you have 2 internal servers = 192.168.5.10 & 192.168.5.11


external interface on router = fa0/1


Config for 1 - (assuming you are using the interface address for one of the servers)


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389


ip nat inside source static tcp 192.168.5.11 3389 195.17.17.1 3389


** Obviously you need to own the 195.17.17.1 address and it needs to be routed to the outside interface of your 1841 by your ISP


config for 2


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 interface fa0/1 3390


For both configs you need


int fa0/0

ip nat outside


int fa0/0

ip nat inside


where fa0/0 is the interface that connects to 192.168.5.x network.


One last point. You don't necessarily have to NAT out both. If you have no spare public IP's and you can't change the port just setup this


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389


and then have the user RDP from that server to the other server.


Jon




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Thu, 06/04/2009 - 11:39
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Dwane


You are either going to need


1) 2 public IP's, one of which could be the external interface address on the router


OR


2) You could use the external interface for both but you would need RDP to be running on 2 different ports.


So you have 2 internal servers = 192.168.5.10 & 192.168.5.11


external interface on router = fa0/1


Config for 1 - (assuming you are using the interface address for one of the servers)


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389


ip nat inside source static tcp 192.168.5.11 3389 195.17.17.1 3389


** Obviously you need to own the 195.17.17.1 address and it needs to be routed to the outside interface of your 1841 by your ISP


config for 2


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389

ip nat inside source static tcp 192.168.5.11 3389 interface fa0/1 3390


For both configs you need


int fa0/0

ip nat outside


int fa0/0

ip nat inside


where fa0/0 is the interface that connects to 192.168.5.x network.


One last point. You don't necessarily have to NAT out both. If you have no spare public IP's and you can't change the port just setup this


ip nat inside source static tcp 192.168.5.10 3389 interface fa0/1 3389


and then have the user RDP from that server to the other server.


Jon




Actions

This Discussion