
IOS Firewall Feature set - How to allow incoming traffic?

Hello

I have a C800-router that connects a local office LAN to internet. It's configured like this:

interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address <yadayada>
 ip access-group Outside_ACL_in2 in
 ip nat outside
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.16.1 255.255.255.0
 ip access-group Inside_ACL_in in
 ip nat inside
!
ip nat inside source route-map NAT_RMAP_1 interface Dialer0 overload

(route map NAT_RMAP_1 is an ACL for split-tunneling, denying traffic going into a VPN tunnel; everything else is NATed)

Now: I need to allow connections from internet (tcp/3389 and tcp/5900) to the outside ip address to be translated and forwarded to the inside host 192.168.16.100.

I am more used to PIX/ASAs, and there I would simply add a few statics and permit the traffic in the outside ACL.

But, how do I do this in IOS?

Thanks for your help!

Regards jimmy

Accepted Solutions

Re: IOS Firewall Feature set - How to allow incoming traffic?

Jimmy-

These are equivalent to 'statics' on PIX/ASA.

ip nat inside source static tcp 192.168.16.100 3389 <outside-ip> 3389
ip nat inside source static tcp 192.168.16.100 5900 <outside-ip> 5900

You will still need to give access via the ACL.

HTH and please rate.


Re: IOS Firewall Feature set - How to allow incoming traffic?

Great. Thanks a lot!

Just to be sure... I assume I will permit traffic to the outside IP (not the NATed one) in the outside ACL, just the way it works in PIX/ASA?

Best Regards

Jimmy

Re: IOS Firewall Feature set - How to allow incoming traffic?

Yes.
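
The complete change this thread arrives at, written out as an added example (not code from any of the posters): the two static translations plus ACL entries keyed to the outside address. `<outside-ip>` and `<admin-src-ip>` are placeholders, and because the thread does not show the contents of either ACL, the sequence numbers and the narrowing of the source to a single client are assumptions.

```ios
! Added example. <outside-ip> and <admin-src-ip> are placeholders, not values from the thread.
!
! Static PAT: publish the inside host's RDP and VNC ports on the outside address.
ip nat inside source static tcp 192.168.16.100 3389 <outside-ip> 3389
ip nat inside source static tcp 192.168.16.100 5900 <outside-ip> 5900
!
! The inbound ACL on the outside interface is evaluated before NAT, so the
! destination to match is the outside (global) address, not 192.168.16.100.
! Assumption: sequence numbers 5 and 6 are free and sit above any deny in the list.
! Assumption: the source is limited to one known client instead of "any".
ip access-list extended Outside_ACL_in2
 5 permit tcp host <admin-src-ip> host <outside-ip> eq 3389
 6 permit tcp host <admin-src-ip> host <outside-ip> eq 5900
!
! Replies enter Vlan1 with the real source address and are checked by
! Inside_ACL_in before translation. Add these only if that list does not
! already permit the return traffic.
ip access-list extended Inside_ACL_in
 5 permit tcp host 192.168.16.100 eq 3389 host <admin-src-ip>
 6 permit tcp host 192.168.16.100 eq 5900 host <admin-src-ip>
!
! Verify from exec mode:
!   show ip nat translations
!   show ip access-lists Outside_ACL_in2
```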
