Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Router NAT Question

Hi!

My Cisco 8xx is able to NAT any SMTP traffic from the outside to the inside mailserver using the following command:

(config)# ip nat inside source static tcp 192.168.10.100 25 int Dialer1 25

Works just fine, but I would like to tune the NAT rule a bit. This rule allows any source to forward trough the router on port 25. The mail we receive comes from a front-end server from our ISP. The use a small WAN IP-range for there servers, for example 77.88.99.20 to 77.88.99.50. For security reasons it would be great when I'm able to fine-tune the static NAT rule so only traffic received from IP 77.88.99.x will be forwarded trough the router. Is that possible? Or do I need a firewall to set this up, an ASA for example?

We are using a Cisco 867 router for the job. 

1 REPLY
New Member

Re: Cisco Router NAT Question

Well, I guess I need to apply some kind of an Access-list. Should it look like this;

(config)# access-list 105 permit tcp 77.88.99.0 0.0.0.255 192.168.10.100 0.0.0.0 eq 25

(config)# interface dialer1

(config-if)# ip access-group 105 in

??

152
Views
0
Helpful
1
Replies
CreatePlease login to create content