I am working at a client site today. The client has indicated that they need to have a server translated so that connections coming in from the public can access the server. I told the client I would be able to use NAT for this on their 2911 G2 router.
The requirement is that connection attempts be allowed to come into a public address, which I will call 188.8.131.52 for the purpose of this example.
The inside (real address) for the server is 192.168.15.14/24.
Here is the statement that I have placed on the router:
ip nat inside source static 192.168.15.14 184.108.40.206
and also have placed "ip nat inside" on the Ethernet that faces inside to the 192.168.15.0/24 network. I have placed "ip nat outside" on the Ethernet that faces the Internet.
I also placed an ACL statement to allow the ports required which reads:
180 permit tcp any any eq 60000 64999
181 permit udp any any eq 60000 64999
My concern is whether I have written the NAT statement correctly or not.
Here is what I see when I perform a "sho ip nat trans"
tbhroomsgw#sho ip nat trans
Pro Inside global Inside local Outside local Outside global
You need to make some changes here. We'll assume your internal interface is fa0/0 and your external is fa0/1 for the sake of this reply.
ip access-list extended aclPortForwardRange
 permit tcp any any range 60000 64999
 permit udp any any range 60000 64999
ip access-list standard aclNat
 permit 192.168.15.0 0.0.0.255
ip nat pool poolServer 192.168.15.14 192.168.15.14 netmask 255.255.255.0 type rotary
! inside interface (fa0/0, as assumed above)
interface fa0/0
 ! or whatever it is on this subnet.
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
! outside interface (fa0/1, as assumed above)
interface fa0/1
 ip nat outside
ip nat inside source list aclNat interface fa0/1 overload
ip nat inside destination list aclPortForwardRange pool poolServer
You will also need to poke any holes in your inbound ACL on your external interface if there is one. Use a similar syntax to the aclPortForwardRange example above in this ACL if need be.
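An added example, not part of either post: a small Python check of which destination ports the two ACL forms in this thread cover. It assumes IOS extended-ACL behaviour where `eq` followed by several numbers matches each listed port individually and `range` matches every port between its two bounds; the helper names and sample lists are constructed here.

```python
import re

# Constructed sample input: the entries from the question and from the reply.
QUESTION_ACL = [
    "180 permit tcp any any eq 60000 64999",
    "181 permit udp any any eq 60000 64999",
]
REPLY_ACL = [
    "permit tcp any any range 60000 64999",
    "permit udp any any range 60000 64999",
]

# Deliberately narrow: only "permit tcp|udp any any eq|range ..." entries,
# with an optional leading sequence number, as used in this thread.
ENTRY = re.compile(
    r"^(?:\d+\s+)?permit\s+(?P<proto>tcp|udp)\s+any\s+any\s+"
    r"(?P<op>eq|range)\s+(?P<ports>\d+(?:\s+\d+)*)$"
)

def matched_ports(entry):
    """Return (protocol, set of destination ports) matched by one entry."""
    m = ENTRY.match(entry.strip())
    if not m:
        raise ValueError(f"unsupported ACL entry: {entry!r}")
    ports = [int(p) for p in m["ports"].split()]
    if any(p > 65535 for p in ports):
        raise ValueError(f"port out of range in: {entry!r}")
    if m["op"] == "range":
        if len(ports) != 2 or ports[0] > ports[1]:
            raise ValueError(f"range needs two ascending ports: {entry!r}")
        return m["proto"], set(range(ports[0], ports[1] + 1))
    # Assumption: "eq" with several numbers matches each port on its own.
    return m["proto"], set(ports)

def audit(entries, want_lo, want_hi):
    """Per protocol, list the wanted ports that no permit entry covers."""
    want = set(range(want_lo, want_hi + 1))
    covered = {}
    for entry in entries:
        proto, ports = matched_ports(entry)
        covered.setdefault(proto, set()).update(ports)
    return {proto: sorted(want - ports) for proto, ports in covered.items()}

if __name__ == "__main__":
    for name, acl in (("question", QUESTION_ACL), ("reply", REPLY_ACL)):
        gaps = audit(acl, 60000, 64999)
        print(name, {proto: len(missing) for proto, missing in gaps.items()})
```

Run against the router's own `show access-lists` lines, the same check shows whether an inbound ACL on the external interface opens the whole forwarded range or only its two endpoints.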