Cisco Router NAT Question

Unanswered Question
Jul 27th, 2010

Hi!


My Cisco 8xx is able to NAT any SMTP traffic from the outside to the inside mailserver using the following command:

(config)# ip nat inside source static tcp 192.168.10.100 25 int Dialer1 25


Works just fine, but I would like to tune the NAT rule a bit. This rule allows any source to forward through the router on port 25. The mail we receive comes from a front-end server from our ISP. They use a small WAN IP range for their servers, for example 77.88.99.20 to 77.88.99.50. For security reasons it would be great if I were able to fine-tune the static NAT rule so only traffic received from IP 77.88.99.x will be forwarded through the router. Is that possible? Or do I need a firewall to set this up, an ASA for example?


We are using a Cisco 867 router for the job. 

Tim Roelands Tue, 07/27/2010 - 10:59

Well, I guess I need to apply some kind of access list. Should it look like this:


(config)# access-list 105 permit tcp 77.88.99.0 0.0.0.255 192.168.10.100 0.0.0.0 eq 25


(config)# interface dialer1

(config-if)# ip access-group 105 in


??
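
An added example, not part of the original thread: on IOS an inbound ACL on the outside interface is checked before NAT rewrites the destination, so the entry has to match the public (pre-NAT) destination rather than 192.168.10.100, and a list holding only one permit would drop all other inbound traffic through its implicit deny. The ACL name SMTP-IN is hypothetical, the destination `any` assumes Dialer1's address is dynamic, and the final permit assumes all other inbound traffic should keep passing as it did with no ACL applied.

```cisco
! Constructed example configuration (not from the thread).
!
! Existing port-forward from the question, unchanged:
! any source on the Internet can reach the mail server on TCP/25.
ip nat inside source static tcp 192.168.10.100 25 interface Dialer1 25
!
! Hypothetical ACL name. Source range is the example range from the question;
! wildcard 0.0.0.255 matches all of 77.88.99.x.
ip access-list extended SMTP-IN
 remark SMTP to the forwarded port only from the ISP front-end range
 permit tcp 77.88.99.0 0.0.0.255 any eq smtp
 remark Drop and log SMTP from every other source
 deny   tcp any any eq smtp log
 remark Assumption: keep all other inbound traffic as before (no ACL was applied)
 permit ip any any
!
interface Dialer1
 ip access-group SMTP-IN in
```

`show ip access-lists SMTP-IN` displays per-entry match counters, which confirms whether mail from the ISP range hits the permit and whether other sources hit the logged deny.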
