Access Lists and NAT

Answered Question
Mar 15th, 2006
User Badges:

Can you use NAT in combination with ACLs to forward packets that come in on an interface on a specific port (8001)to a specific device on a different port (80)? This is on a router, not a PIX.


If so, then how?

Correct Answer by pkhatri about 11 years 5 months ago

You certainly can. Here's an example


interface Ethernet0

ip nat inside

!

interface Serial0

ip nat outside

!

ip nat inside source static tcp 10.1.1.1 80 200.1.1.1 8001

OR

ip nat inside source static tcp 10.1.1.1 80 serial0 8001


Hope that helps - pls rate the post if it does.

Paresh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
pkhatri Wed, 03/15/2006 - 12:45
User Badges:
  • Purple, 4500 points or more

You certainly can. Here's an example


interface Ethernet0

ip nat inside

!

interface Serial0

ip nat outside

!

ip nat inside source static tcp 10.1.1.1 80 200.1.1.1 8001

OR

ip nat inside source static tcp 10.1.1.1 80 serial0 8001


Hope that helps - pls rate the post if it does.

Paresh

jackko Wed, 03/15/2006 - 15:42
User Badges:
  • Gold, 750 points or more

just a quick add-on.


the inbound acl would be on the public ip, not the private ip.


e.g.

access-list 111 permit tcp any host 200.1.1.1 eq 8001


interface s0

ip access-group 111 in

Actions

This Discussion