I have a CISCO1921 router and I am trying to NAT an internal server to one of my unused public IP addresses (I have a /28 from my provider) This server needs to have a range of UDP ports open to the internet and accessible from the outside to a single internet host only
x.x.x.18 is my router external IP used for NAT overload for all internal hosts to access the internet x.x.x.19 is the external IP i would like to use to NAT the single host to the internet z.z.z.z is the external host that needs to access the interal server on those ports
The person on the other end at ip z.z.z.z claims it doesnt work. Am I missing something in my config ? Do i need to add ssomething to access lists 190 or 191 ? How can I troubleshoot ?
Below is a portion of my sanitized config
interface GigabitEthernet0/0 ip address 10.10.99.1 255.255.255.0 ip access-group 190 in ip flow ingress ip nat inside ip inspect FIREWALL in ip virtual-reassembly in ip policy route-map VOICE duplex auto speed auto service-policy input MARK-POLICY
interface GigabitEthernet0/0/0 description WAN ip address x.x.x.18 255.255.255.240 ip access-group 191 in ip flow ingress ip nat outside ip inspect FIREWALL out ip virtual-reassembly in duplex full speed 100 no cdp enable crypto map VPNMap
ip nat inside source route-map nonat interface GigabitEthernet0/0/0 overload
ip nat inside source static 10.10.99.74 x.x.x.19 route-map Port-Forward-Asterisk
route-map Port-Forward-Asterisk permit 10 match ip address 103
access-list 103 permit udp host z.z.z.z range 10000 20000 any access-list 103 permit udp host z.z.z.z eq 5060 any access-list 103 deny ip any any
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :