I am new to Cisco, and I have one simple (I think) question about NAT.
I can successfully access my server via an IPsec connection, but I want to NAT one port from the external interface to my server.
My config is:
encapsulation dot1Q 570
ip address 184.108.40.206 255.255.255.248
ip access-group 110 in
ip nat outside
ip address 10.10.10.1 255.255.255.0
ip access-group 144 in
ip nat inside
I created a NAT rule (10.10.10.2 is the IP address of my server):
ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050 - for one port
ip nat inside source list 123 interface GigabitEthernet0/0.1 overload - for vpn
In the access list I permit access to this port, and in the logs I can see permitted connections:
008581: *May 14 16:59:31.366 PCTime: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 220.127.116.11(49823) -> 18.104.22.168(10050), 1 packet
but I cannot access the server; all connections are refused.
From my Cisco router I can telnet to this port successfully.
What am I missing in my configuration?
ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050
I've got a few devices with ssh passthrough from the outside and that's how I run it.
Hope this helps!
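The rule in the question lacks the `inside` keyword that the rule in the answer has; on IOS the form without it is NAT Virtual Interface (NVI) syntax, which pairs with `ip nat enable` on the interfaces rather than `ip nat inside` / `ip nat outside`. The following audit script is an added example, not code from the thread: it flags NAT rules whose syntax does not match the NAT mode configured on the interfaces. The interface names in the sample are placeholders, since the thread does not show them, and `audit_nat` is a hypothetical helper name.

```python
import re

# Constructed sample: the NAT-relevant lines from the question's config.
# Interface names are placeholders; the thread does not show them.
SAMPLE = """\
interface OUTSIDE-PLACEHOLDER
 ip address 184.108.40.206 255.255.255.248
 ip nat outside
interface INSIDE-PLACEHOLDER
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050
ip nat inside source list 123 interface GigabitEthernet0/0.1 overload
"""

def audit_nat(config):
    """Return (line_no, rule_style, text) for NAT rules that do not match
    the NAT mode enabled on any interface in the config."""
    iface_modes = set()  # 'domain' = ip nat inside/outside, 'nvi' = ip nat enable
    rules = []
    in_iface = False
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw.startswith("interface "):
            in_iface = True
            continue
        if in_iface and raw[:1] == " ":
            # Indented line: still inside the interface stanza.
            if re.fullmatch(r"ip nat (inside|outside)", line):
                iface_modes.add("domain")
            elif line == "ip nat enable":
                iface_modes.add("nvi")
            continue
        in_iface = False
        # Global NAT rule: with inside/outside it is domain-based, without it NVI.
        m = re.match(r"ip nat (inside |outside )?source ", line)
        if m:
            rules.append((no, "domain" if m.group(1) else "nvi", line))
    return [r for r in rules if r[1] not in iface_modes]

if __name__ == "__main__":
    for no, style, text in audit_nat(SAMPLE):
        print(f"line {no}: {style}-style rule has no matching interface mode: {text}")
```
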