Cisco Router NAT Question

Unanswered Question
Jul 27th, 2010

Hi!

My Cisco 8xx is able to NAT any SMTP traffic from the outside to the inside mailserver using the following command:

(config)# ip nat inside source static tcp 192.168.10.100 25 int Dialer1 25

Works just fine, but I would like to tune the NAT rule a bit. This rule allows any source to forward through the router on port 25. The mail we receive comes from a front-end server from our ISP. They use a small WAN IP range for their servers, for example 77.88.99.20 to 77.88.99.50. For security reasons it would be great if I were able to fine-tune the static NAT rule so only traffic received from IP 77.88.99.x will be forwarded through the router. Is that possible? Or do I need a firewall to set this up, an ASA for example?

We are using a Cisco 867 router for the job. 

Tim Roelands Tue, 07/27/2010 - 10:59

Well, I guess I need to apply some kind of access list. Should it look like this:

(config)# access-list 105 permit tcp 77.88.99.0 0.0.0.255 192.168.10.100 0.0.0.0 eq 25

(config)# interface dialer1

(config-if)# ip access-group 105 in

??
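
An added example, not part of the original posts: a small Python model of IOS extended-ACL matching (wildcard masks, first match wins, implicit deny), run over the access-list 105 line from the post above with constructed packets. It assumes IOS checks an inbound interface ACL before NAT rewrites the destination address, and uses 203.0.113.10 as a placeholder for the Dialer1 address; the function names are illustrative.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse only the form 'access-list N ACTION tcp SRC SWC DST DWC eq PORT'."""
    t = line.split()
    if len(t) != 10 or t[0] != "access-list" or t[3] != "tcp" or t[8] != "eq":
        raise ValueError("unsupported ACE: " + line)
    return {"action": t[2], "src": (t[4], t[5]), "dst": (t[6], t[7]),
            "dport": int(t[9])}

def evaluate(aces, src, dst, dport):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in aces:
        if (wc_match(src, *ace["src"]) and wc_match(dst, *ace["dst"])
                and dport == ace["dport"]):
            return ace["action"]
    return "deny"

# The ACL line as posted in the thread.
ACL_105 = [parse_ace("access-list 105 permit tcp 77.88.99.0 0.0.0.255 "
                     "192.168.10.100 0.0.0.0 eq 25")]
WAN_IP = "203.0.113.10"  # constructed placeholder for the Dialer1 address

# Constructed packets: (source, destination, destination port).
PACKETS = {
    "ISP relay to inside address": ("77.88.99.20", "192.168.10.100", 25),
    "ISP relay to WAN address (pre-NAT)": ("77.88.99.20", WAN_IP, 25),
    "same /24, outside .20-.50": ("77.88.99.200", "192.168.10.100", 25),
    "unrelated source": ("198.51.100.7", "192.168.10.100", 25),
    "reply to an outbound session": ("198.51.100.7", WAN_IP, 51000),
}

def run_cases():
    return {name: evaluate(ACL_105, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{verdict:6} {name}")
```

The "pre-NAT" case is the form in which inbound mail reaches Dialer1 under the stated assumption, and the last case shows the implicit deny applying to everything the single permit line does not cover.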
