Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access control for static NAT

Hi,

For the below config of attached file,

How can I,

(1) forward range of ports to a specific IPs using static NAT? for ex, i would like to forward port 5060 and 10000-20000 to a server 192.168.1.22..

(2) how to apply access control to this static NAT ? for ex. i would like to deny specfic IPs from accessing it from public..

====================================================

interface ethernet 0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface ethernet 1

ip address 1.1.1.2 255.255.255.252

ip nat outside

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip nat pool inetpcs 2.2.2.1 2.2.2.1

ip nat inside source list 101 pool inetpcs overload

access-list 101 permit ip 192.168.1.128 0.0.0.127 any

(to permit LAN hosts 192.168.1.129 - 192.168.1.254 inetenet access) 

ip nat inside source static 192.168.1.22  2.2.2.5

(inbound access to SIP server)

==============================================================

Thanks,

Sandip

114
Views
0
Helpful
0
Replies
CreatePlease login to create content