NAT configuration on cisco 1941

Answered Question
May 14th, 2010
User Badges:

Hi all,



I am new in cisco, and I have one simple (as I think) question about NAT.

I can successfully access my server via ipsec connection ,but I want to nat one port from external interface to my server.


My config is:


router:

....

interface GigabitEthernet0/0.1

encapsulation dot1Q 570

ip address 7.7.7.130 255.255.255.248

ip access-group 110 in

ip nat outside


interface GigabitEthernet0/1

description internal-net

ip address 10.10.10.1 255.255.255.0

ip access-group 144 in

ip nat inside


I create nat rule (10.10.10.2 is IP address of my server):


ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050 - for one port

ip nat inside source list 123 interface GigabitEthernet0/0.1 overload - for vpn


In access list I permit access to this port and in logs I can see permitted connections:

008581: *May 14 16:59:31.366 PCTime: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 9.9.9.9(49823) -> 7.7.7.130(10050), 1 packet


but I can not access server, all confections are refused.

From my cisco router I can make telnet to this port successfully.

What I am missing in my configuration?


Thanks.

Correct Answer by Rick Arps about 7 years 4 weeks ago

Try


ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050


I've got a few devices with ssh passthrough from the outside and that's how I run it.


Hope this helps!

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Rick Arps Thu, 05/27/2010 - 05:35
User Badges:
  • Bronze, 100 points or more

Try


ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050


I've got a few devices with ssh passthrough from the outside and that's how I run it.


Hope this helps!

Rick

Actions

This Discussion