Port Redirection and NAT

Hi,

I have a situation where I have a single NAT'ed server that needs ports http, https and a port redirection from 8080 to https done from the Internet into our DMZ. Currently, I have a regular static and ACL that allows http and https traffic. The port redirection piece is the question here because the only way I know how to do this is with a static statement. I already have one static for the http and https traffic so I can't add another for the redirection part.

Is there another way to do port redirection without using statics?

Thanks in advance.

5 REPLIES
Re: Port Redirection and NAT

Hi Mike,

Your question is not very clear.

Hope the commands below will help you to resolve your issue.

(config)# static (inside,outside) tcp interface or publicip www 192.168.10.10 www netmask 255.255.255.255

(config)# static (inside,outside) tcp interface or publicip https 192.168.10.10 https netmask 255.255.255.255

(config)# static (inside,outside) tcp interface or publicip 8080 192.168.10.20 https netmask 255.255.255.255

Regards

Naveen

Re: Port Redirection and NAT

Thanks Naveen,

Thanks for the reply. I need the config to look like this:

static (dmz,outside) tcp 125.x.x.34 www 192.x.x.34 www netmask 255.255.255.255

static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255

static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.34 https netmask 255.255.255.255

The last static gives me a duplicate error, because the static above it already allows https, I'm assuming.

Thanks.

Re: Port Redirection and NAT

Unfortunately, it is a dup static entry for https doing it that way, using the same local host, unless you assign a secondary IP address on the server - 192.x.x.35 as a second IP.

But probably the best way is to work around it by using policy NAT.

Doing it with a secondary server IP, e.g. 192.x.x.35, would be as:

static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255

static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.35 https netmask 255.255.255.255

Doing it with policy NAT - no need for a secondary IP address on the server, but using the same 192.x.x.34 address:

access-list policy_nat1 permit tcp host 192.x.x.34 eq https any

access-list policy_nat2 permit tcp host 192.x.x.34 eq https any

static (dmz,outside) tcp 125.x.x.34 https access-list policy_nat1

static (dmz,outside) tcp 125.x.x.34 8888 access-list policy_nat2

Regards
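
The duplicate error discussed above can be caught before a change is pasted into the firewall. The following is an added example, not part of the original thread and not Cisco code: a small Python check that parses static PAT lines in the syntax used in this thread and flags entries that reuse the same real host and port (the condition the replies describe) or the same mapped address and port. The function names and the conflict rules are assumptions drawn from the thread; policy statics that reference an access-list are skipped.

```python
import re
from collections import defaultdict

# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port [netmask m]
STATIC_PAT = re.compile(
    r"^\s*static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\S+)\s+(?P<real_port>\S+)(?:\s+netmask\s+\S+)?\s*$")
PORT_NAMES = {"www": "80", "http": "80", "https": "443"}  # names used in the thread

def parse_static_pat(line):
    """Return the fields of a plain static PAT line, or None for anything else."""
    m = STATIC_PAT.match(line)
    if not m or m["real_ip"] == "access-list":  # policy static: not checked here
        return None
    e = m.groupdict()
    for side in ("mapped_port", "real_port"):
        e[side] = PORT_NAMES.get(e[side], e[side])
    return e

def find_conflicts(config_text):
    """List (kind, key, line_numbers) for statics that share a real or mapped key."""
    tables = {"real": defaultdict(list), "mapped": defaultdict(list)}
    for n, line in enumerate(config_text.splitlines(), 1):
        e = parse_static_pat(line)
        if e is None:
            continue
        tables["real"][(e["real_if"], e["mapped_if"], e["proto"],
                        e["real_ip"], e["real_port"])].append(n)
        tables["mapped"][(e["mapped_if"], e["proto"],
                          e["mapped_ip"], e["mapped_port"])].append(n)
    return [(kind, key, lines) for kind, table in tables.items()
            for key, lines in table.items() if len(lines) > 1]

# The three statics from the thread that produced the duplicate error.
THREAD_CONFIG = "\n".join([
    "static (dmz,outside) tcp 125.x.x.34 www 192.x.x.34 www netmask 255.255.255.255",
    "static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255",
    "static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.34 https netmask 255.255.255.255",
])
# The secondary-IP variant suggested in the thread.
SECONDARY_IP_CONFIG = "\n".join([
    "static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255",
    "static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.35 https netmask 255.255.255.255",
])

if __name__ == "__main__":
    for kind, key, lines in find_conflicts(THREAD_CONFIG):
        print(f"duplicate {kind} side {key} on lines {lines}")
```
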

Re: Port Redirection and NAT

Thanks!!

We found out that the server did not need redirection but thanks for the solution for future use.

Thanks Again.

Re: Port Redirection and NAT

You're welcome Mike, thanks for rating.

Regards
