Solved: NAT question - Map port 21 to one internal IP and all other ports to another internal IP?

jesper_petersen · ‎12-10-2009

Hello,

I'm trying to move a Linksys router out of my network.

The Linksys router is currently configured with a DMZ zone that forwards all traffic to a specific IP, say 192.168.1.10.

The Linksys router is also configured to PAT port 21 to another IP, say 192.168.1.20.

It is doing all this from its one and only public IP.

How can I do the same on IOS (1800 series router)?

To sum it up: One public IP, PAT port 21 to 192.168.1.20 and PAT all the other ports 1-20,22-65535 to 192.168.1.10.

I would really hate to do 65535 PAT statements

Hope you can help and thanks in advance!

Best regards,

Jesper

Laurent Aubert · ‎12-11-2009

HI Jesper,

The following configuration should work but not tested

ip nat inside source static tcp 192.168.1.20 21  21

ip nat inside source static 192.168.1.10  route-map NAT reversible
!
route-map NAT permit 10
 match ip address 101
!
access-list 101 deny tcp host 192.168.1.10 eq 21 any
access-list 101 permit ip host 192.168.1.10 any

HTH

Laurent.

View solution in original post

Laurent Aubert · ‎12-11-2009

HI Jesper,

The following configuration should work but not tested

ip nat inside source static tcp 192.168.1.20 21  21

ip nat inside source static 192.168.1.10  route-map NAT reversible
!
route-map NAT permit 10
 match ip address 101
!
access-list 101 deny tcp host 192.168.1.10 eq 21 any
access-list 101 permit ip host 192.168.1.10 any

HTH

Laurent.

jesper_petersen · ‎12-16-2009

Hi Laurent,

Thx so much for your answer!

I sadly never got to test it - but I will do it as soon as I can on another setup.

Thank you for your help!