05-14-2010 07:21 AM - edited 03-03-2019 05:57 AM
Hi all,
I am new to Cisco, and I have one simple (I think) question about NAT.
I can successfully access my server via an IPsec connection, but I want to NAT one port from the external interface to my server.
My config is:
router:
....
interface GigabitEthernet0/0.1
 encapsulation dot1Q 570
 ip address 7.7.7.130 255.255.255.248
 ip access-group 110 in
 ip nat outside
interface GigabitEthernet0/1
 description internal-net
 ip address 10.10.10.1 255.255.255.0
 ip access-group 144 in
 ip nat inside
I create a NAT rule (10.10.10.2 is the IP address of my server):
ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050 - for one port
ip nat inside source list 123 interface GigabitEthernet0/0.1 overload - for vpn
In the access list I permit access to this port, and in the logs I can see permitted connections:
008581: *May 14 16:59:31.366 PCTime: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 9.9.9.9(49823) -> 7.7.7.130(10050), 1 packet
but I cannot access the server; all connections are refused.
From my Cisco router I can telnet to this port successfully.
What am I missing in my configuration?
Thanks.
05-27-2010 05:35 AM
Try
ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050
I've got a few devices with ssh passthrough from the outside and that's how I run it.
Hope this helps!
Rick
05-27-2010 05:41 AM
Hello,
Thanks Rick, that works!
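The mismatch resolved in this thread can be caught by a config check before deployment. The following is an added example, not code from any poster: a small Python lint (function names `parse` and `lint` are hypothetical) that compares each `ip nat ... source` rule against how the interfaces are tagged, run over the NAT lines from the question.

```python
import re

# Constructed sample: the NAT-related lines from the question above.
QUESTION_CONFIG = """\
interface GigabitEthernet0/0.1
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050
ip nat inside source list 123 interface GigabitEthernet0/0.1 overload
"""

ROLE = re.compile(r"ip nat (inside|outside|enable)$")          # interface tag
RULE = re.compile(r"ip nat (?:(inside|outside) )?source \S+")  # global rule


def parse(config):
    """Return ({interface: NAT tag}, [(direction or None, rule line)])."""
    roles, rules, current = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
        elif (m := ROLE.match(line)) and current:
            roles[current] = m.group(1)
        elif m := RULE.match(line):
            rules.append((m.group(1), line))
    return roles, rules


def lint(config):
    """Flag rules whose NAT style does not match the interface tags."""
    roles, rules = parse(config)
    tags = set(roles.values())
    findings = []
    for direction, line in rules:
        if direction is None and "enable" not in tags:
            # No direction keyword: the NAT Virtual Interface form, which
            # pairs with "ip nat enable", not "ip nat inside/outside".
            findings.append(f"no inside/outside keyword and no 'ip nat enable': {line}")
        elif direction is not None and direction not in tags:
            findings.append(f"no interface tagged 'ip nat {direction}': {line}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(QUESTION_CONFIG)) or "no findings")
```

Run against the question's configuration it reports only the port 10050 rule; with the `inside` keyword added as in Rick's answer it reports nothing.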