Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

how to direct a wan port to a host

i want to direct traffic port aaaa fram the wan interface tot the vlan host bbbb

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: how to direct a wan port to a host

Hello Jilles,

If I understood correctly you want that traffic received on wan interface for a specific TCP or UDP port to be directed to an internal host with a specific ip address.

I suppose you are using NAT you can add a specific statement for this

ip nat inside source static tcp local-ip local-port interface global-port

if you are not using NAT you can use PBR to achieve this

Hope to help

Giuseppe

Hall of Fame Super Blue

Re: how to direct a wan port to a host

Jilles

Cisco NAT is not always the easiest thing to get the hang of !

The key thing to understand with the static NAT statement is that it is bi-directional ie. it the statement works both ways.

So perhaps thinking of it like this may help -

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

the above tells the router to present the inside address of cccc to the outside as the address on the fa4 interface. Note that inside and outside are relative in that it is purely down to which interfaces you designate as inside and outside.

So what you are telling the router is that if a packet comes from cccc and is destined for the WAN it will be translated to fa4 address. But you are also telling the router that any packet from the WAN coming to the fa4 address should be translated to cccc on the inside.

Key thing to understand is the concept of inside/outside, have a look at this doc which gives a good overview -

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon

4 REPLIES
Hall of Fame Super Silver

Re: how to direct a wan port to a host

Hello Jilles,

If I understood correctly you want that traffic received on wan interface for a specific TCP or UDP port to be directed to an internal host with a specific ip address.

I suppose you are using NAT you can add a specific statement for this

ip nat inside source static tcp local-ip local-port interface global-port

if you are not using NAT you can use PBR to achieve this

Hope to help

Giuseppe

New Member

Re: how to direct a wan port to a host

understand the command is to log in from wan

to host cccc with port bbbb

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

but the logic of cisco fails me.

in sdm i have to fill in translating from adres the host on the inside , but i make the call from outside wan.

the command sentence also speaks of source adres but my logic says the source adres is that of the host that trys to make connection with the inside adres.

what do i miss ?

New Member

Re: how to direct a wan port to a host

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

this is the command which works to let an host from wan(=outside) = fastethernet4 to remote desktop on port bbbb on a hostserver cccc on the vlan(=inside).

but the command names the inside adres as source(=originating) but it is a host on the wan which want to connect to the inside host

in the sdm screen the original adres is cccc, the thranslated adres the ipadres of the cisco router on the ethernet4 interface.

so in my logic the source adres or originating adres is the ip adres of the wan host because he wants to communicate with the server.

so why is the original inside adres the source adres.

Hall of Fame Super Blue

Re: how to direct a wan port to a host

Jilles

Cisco NAT is not always the easiest thing to get the hang of !

The key thing to understand with the static NAT statement is that it is bi-directional ie. it the statement works both ways.

So perhaps thinking of it like this may help -

ip nat inside source static tcp cccc bbbb interface FastEthernet4 bbbb

the above tells the router to present the inside address of cccc to the outside as the address on the fa4 interface. Note that inside and outside are relative in that it is purely down to which interfaces you designate as inside and outside.

So what you are telling the router is that if a packet comes from cccc and is destined for the WAN it will be translated to fa4 address. But you are also telling the router that any packet from the WAN coming to the fa4 address should be translated to cccc on the inside.

Key thing to understand is the concept of inside/outside, have a look at this doc which gives a good overview -

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon

256
Views
0
Helpful
4
Replies
CreatePlease to create content