
501:port forwarding pub ip:xxx.xxx.xxx.xxx 80 to priv:yyy.yyy.yyy.yyy 80

The basic setup below allows full access to the outside world from the private network via PAT/NAT (works great). In addition, I would like to be able to access my internal web server at 192.168.1.241 port 80 via 206.111.80.98 port 80 while on the Internet (outside). Please advise. I have tried numerous things and the only result is that I break NAT/PAT from the internal hosts. I only have one public IP assigned. Any gurus out there wanna tackle (good is a howto, better is command syntax :)

-Fred

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 206.111.80.98 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

ip verify reverse-path interface outside

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.1.3 255.255.255.255 inside

pdm location 192.168.1.5 255.255.255.255 inside

pdm location 206.111.80.98 255.255.255.255 inside

pdm location 192.168.1.2 255.255.255.255 inside

pdm location 192.168.1.241 255.255.255.255 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group 100 in interface outside

route outside 0.0.0.0 0.0.0.0 206.111.80.254 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.5 255.255.255.255 inside

http 192.168.1.3 255.255.255.255 inside

http 192.168.1.2 255.255.255.255 inside

floodguard enable

no sysopt route dnat

telnet 192.168.1.0 255.255.255.0 inside

telnet 206.111.80.98 255.255.255.255 inside

telnet timeout 5

ssh timeout 5

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd dns 192.168.1.241 216.13.28.12

dhcpd lease 360000

1 REPLY

Re: 501:port forwarding pub ip:xxx.xxx.xxx.xxx 80 to priv:yyy.yy

I found my own solutions and thought I oughta publish. I had a few guys email me and say that I need additional IPs, but I knew this could not be the case! So, when someone asks for port 80 on my outside IP, they go to 192.168.1.241 port 80. Same for other services... now on to my next task: blocking spam! :)

-Fred

static (inside,outside) tcp interface smtp 192.168.1.241 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 443 192.168.1.241 443 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface www 192.168.1.241 www netmask 255.255.255.255 0 0
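
An added example, not part of the original posts: a small Python audit that lists each static port forward in a PIX-style config and reports whether the access list bound inbound on the mapped interface opens it to any source. The thread's config applies access list 100 to the outside interface but never shows its entries, so the two `access-list` lines in the sample are assumptions, as are the function and variable names.

```python
import re

# PIX service keywords that appear on this page, mapped to port numbers.
SERVICES = {"www": 80, "smtp": 25}

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# Only permits with source "any" are recognised: those are open to the whole Internet.
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any "
                    r"(any|host \S+|interface \w+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")

def port(tok):
    return SERVICES.get(tok) or int(tok)

def audit(config, outside_ip):
    """Return [(proto, public_port, real_ip, real_port, open_to_any), ...]."""
    bound, permits, forwards = {}, {}, []
    for line in (l.strip() for l in config.splitlines()):
        if m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)          # interface -> inbound ACL id
        elif m := ACL_RE.match(line):
            acl, proto, dst, p = m.groups()
            permits.setdefault(acl, set()).add((proto, dst, port(p)))
        elif m := STATIC_RE.match(line):
            forwards.append(m.groups())
    report = []
    for _real_if, mapped_if, proto, mapped, mport, real_ip, rport in forwards:
        public = outside_ip if mapped == "interface" else mapped
        rules = permits.get(bound.get(mapped_if), set())
        dsts = ("any", f"interface {mapped_if}", f"host {public}")
        is_open = any((proto, d, port(mport)) in rules for d in dsts)
        report.append((proto, port(mport), real_ip, port(rport), is_open))
    return report

# Constructed sample: the static and access-group lines are from the thread;
# the two access-list lines are assumptions (ACL 100's entries were not posted).
SAMPLE = """
access-group 100 in interface outside
access-list 100 permit tcp any interface outside eq www
access-list 100 permit tcp any interface outside eq smtp
static (inside,outside) tcp interface smtp 192.168.1.241 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 192.168.1.241 443 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.241 www netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    for row in audit(SAMPLE, "206.111.80.98"):
        print(row)
```

With the constructed ACL, the 443 forward is reported as not open, because a static translation is only reachable from outside once the inbound access list also permits that port.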
