03-31-2016 02:40 AM - edited 03-12-2019 12:33 AM
Can anybody help me in configuring the following?
I have a router with zone based firewall configured.
I have the following port redirect:
ip nat inside source static tcp 192.168.1.100 80 172.24.10.100 8888 extendable
172.24.10.x is my pool of outside addresses.
I need to reach the server 192.168.1.100:80 from any outside address (via the address 172.24.10.100:8888).
Which class map type inspect do I have to configure?
Thanks
Johnny
03-31-2016 02:54 AM
You can use a class-map that references an ACL. This ACL allows the traffic to the real IP/Port of the server.
03-31-2016 03:10 AM
Do you mean the following?
access-list 101 permit tcp any host 192.168.1.100 eq 80
In the policy map, do I have to put an inspect or a pass statement?
Thanks
Johnny
03-31-2016 03:17 AM
Yes, the ACL is ok, although I would use a named ACL.
The action "pass" is for unidirectional flows. If you want your server to be able to send answers back to the client (probably yes ;-) ), then you need to "inspect" that traffic.
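The pieces discussed in this thread, put together as an added example (not posted by either participant): a named ACL matching the server's real IP and port, a class-map referencing it, and a policy-map that inspects the flow. The object names and the zone names OUTSIDE and INSIDE are assumptions; substitute the zones already defined on the router.

```cisco
! Added example. All object names and the zone names OUTSIDE/INSIDE are
! assumptions; the zones are expected to exist already and to have the
! relevant interfaces assigned with "zone-member security".
!
! Named ACL matching the real (inside local) address and port of the server,
! as recommended in the thread.
ip access-list extended WEB-SERVER-ACL
 permit tcp any host 192.168.1.100 eq 80
!
! Class-map that selects traffic by the ACL.
class-map type inspect match-all WEB-SERVER-CMAP
 match access-group name WEB-SERVER-ACL
!
! "inspect" creates session state so that the server's replies are allowed
! back to the client; "pass" would only permit the one direction.
policy-map type inspect OUTSIDE-TO-INSIDE-PMAP
 class type inspect WEB-SERVER-CMAP
  inspect
 class class-default
  drop log
!
! Apply the policy to traffic entering from the outside zone.
zone-pair security OUTSIDE-TO-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE-PMAP
!
! The static port translation from the original question stays unchanged:
! ip nat inside source static tcp 192.168.1.100 80 172.24.10.100 8888 extendable
!
! Verification after a test connection to 172.24.10.100:8888:
!   show policy-map type inspect zone-pair OUTSIDE-TO-INSIDE sessions
!   show ip nat translations
```

Because the ACL permits only TCP port 80 to the single host, everything else arriving from the outside zone falls into class-default and is dropped and logged.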