Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

Cisco 871 NAT configuration not working

The problem is that NAT is not working for the "internal" network.

If i own the ip 10.0.0.15 for example and i try to reach x.x.x.x:65009 i will not work.

what's the problem?

here is the configuration:

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$

ip address x.x.x.x 255.255.255.192

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Vlan1

ip address 10.0.0.1 255.255.255.192

ip access-group 2 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 10.0.0.12 60022 x.x.x.x 65000 extendable

ip nat inside source static tcp 10.0.0.12 80 x.x.x.x 65001 extendable

ip nat inside source static tcp 10.0.0.12 21 x.x.x.x 65002 extendable

ip nat inside source static tcp 10.0.0.12 389 x.x.x.x 65003 extendable

ip nat inside source static tcp 10.0.0.12 3306 x.x.x.x 65004 extendable

ip nat inside source static tcp 10.0.0.12 10000 x.x.x.x 65005 extendable

ip nat inside source static tcp 10.0.0.12 443 x.x.x.x 65007 extendable

ip nat inside source static tcp 10.0.0.21 80 x.x.x.x 65009 extendable

ip nat inside source static tcp 10.0.0.21 22 x.x.x.x 65010 extendable

ip nat inside source static tcp 10.0.0.12 8080 x.x.x.x 65011 extendable

ip nat inside source static tcp 10.0.0.21 21 x.x.x.x 65012 extendable

ip nat inside source static tcp 10.0.0.21 3306 x.x.x.x 65013 extendable

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.0.0.0 0.0.0.63

access-list 2 deny 10.0.0.8

access-list 2 deny 10.0.0.2

access-list 2 deny 10.0.0.3

access-list 2 deny 10.0.0.6

access-list 2 deny 10.0.0.7

access-list 2 deny 10.0.0.4

access-list 2 deny 10.0.0.5

access-list 2 permit 0.0.0.0 10.0.0.63

---

Posted by WebUser ??????? ???

1068
Views
0
Helpful
0
Replies
CreatePlease login to create content