Solved: Re: NAT configuration on cisco 1941

Zigmunds Vitins · ‎05-14-2010

Hi all,

I am new in cisco, and I have one simple (as I think) question about NAT.

I can successfully access my server via ipsec connection ,but I want to nat one port from external interface to my server.

My config is:

router:

....

interface GigabitEthernet0/0.1

encapsulation dot1Q 570

ip address 7.7.7.130 255.255.255.248

ip access-group 110 in

ip nat outside

interface GigabitEthernet0/1

description internal-net

ip address 10.10.10.1 255.255.255.0

ip access-group 144 in

ip nat inside

I create nat rule (10.10.10.2 is IP address of my server):

ip nat source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050 - for one port

ip nat inside source list 123 interface GigabitEthernet0/0.1 overload - for vpn

In access list I permit access to this port and in logs I can see permitted connections:

008581: *May 14 16:59:31.366 PCTime: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 9.9.9.9(49823) -> 7.7.7.130(10050), 1 packet

but I can not access server, all confections are refused.

From my cisco router I can make telnet to this port successfully.

What I am missing in my configuration?

Thanks.

Rick Arps · ‎05-27-2010

Try

ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050

I've got a few devices with ssh passthrough from the outside and that's how I run it.

Hope this helps!

Rick

Rick Arps · ‎05-27-2010

Try

ip nat inside source static tcp 10.10.10.2 10050 interface GigabitEthernet0/0.1 10050

I've got a few devices with ssh passthrough from the outside and that's how I run it.

Hope this helps!

Rick

Zigmunds Vitins · ‎05-27-2010

Hello,

Thanks Rick, thats works!