Static PAT help

I want people on the outside going to https://1.1.1.68 to be allowed and be redirected to inside address 192.168.168.242.

Outside interface IP address is 1.1.1.65 255.255.255.240.

Here is what I was going to configure. Will this accomplish what I want?

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https


access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group DM_INLINE_TCP_242_443

Thanks,

Mike

4 REPLIES

That should do it. You don't really need the port translation if you just want to do a one-to-one mapping. So it would look like this:

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68

Thanks for the input and info. I noticed I had a few things wrong in my first post.

Here are the corrections; please let me know if this is still good.

The users will go to https://1.1.1.68:443

and outside interface IP address is 1.1.1.65 255.255.255.240

The reason is I will need to set up other ports to the same box, so I would need the PAT.

Here is the corrected config... I think :-)

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https


access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group TCP_OWA_242_443

When I first looked at it I thought DM_INLINE_TCP_242_443 was a protocol group you had defined somewhere else but not included in the snippet.

From your revision it looks like you're calling the network group where the port # or service group should be. I think what you're looking for is something like this:

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https

access-list outside_inbound extended permit tcp any object TCP_OWA_242_443 eq https
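
The mistake caught in the reply above (a name defined with object network placed after the object-group keyword in the ACL, or a group name that is defined nowhere) can be checked before the config is pasted into the firewall. This is an added example, not part of the original posts; the function name lint_acl_refs and the sample text are constructed here from the config quoted in the thread.

```python
import re

# Constructed sample: the revised config from the thread, where the ACL names
# a network object after the object-group keyword.
SAMPLE = """\
object network 1.1.1.68_OWA
 host 1.1.1.68
object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https
access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group TCP_OWA_242_443
"""

# Top-level definitions: "object <kind> <name>" or "object-group <kind> <name>".
DEF_RE = re.compile(r"^(object|object-group) (\S+) (\S+)")
# References inside an ACL line: "object <name>" or "object-group <name>".
REF_RE = re.compile(r"\b(object-group|object) (\S+)")


def lint_acl_refs(config):
    """Return (line_no, message) for ACL references that do not resolve."""
    defined = {}  # name -> (keyword, kind), e.g. ("object", "network")
    for line in config.splitlines():
        m = DEF_RE.match(line)
        if m:
            defined[m.group(3)] = (m.group(1), m.group(2))
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        if not line.startswith("access-list "):
            continue
        for keyword, name in REF_RE.findall(line):
            if name not in defined:
                findings.append((no, f"{keyword} {name} is not defined"))
            elif defined[name][0] != keyword:
                kw, kind = defined[name]
                findings.append(
                    (no, f"{name} is defined as '{kw} {kind}' but referenced as '{keyword}'"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_acl_refs(SAMPLE):
        print(f"line {no}: {msg}")
```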

Yeah, the DM_INLINE was a mistake.

Thanks for the correction, and for your help. I will be trying this and will post results.

Mike
