Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT question - Map port 21 to one internal IP and all other ports to another internal IP?

Hello,

I'm trying to move a Linksys router out of my network.

The Linksys router is currently configured with a DMZ zone that forwards all traffic to a specific IP, say 192.168.1.10.

The Linksys router is also configured to PAT port 21 to another IP, say 192.168.1.20.

It is doing all this from its one and only public IP.

How can I do the same on IOS (1800 series router)?

To sum it up: One public IP, PAT port 21 to 192.168.1.20 and PAT all the other ports 1-20,22-65535 to 192.168.1.10.

I would really hate to do 65535 PAT statements

Hope you can help and thanks in advance!

Best regards,

Jesper

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NAT question - Map port 21 to one internal IP and all other

HI Jesper,

The following configuration should work but not tested

ip nat inside source static tcp 192.168.1.20 21  21

ip nat inside source static 192.168.1.10  route-map NAT reversible
!
route-map NAT permit 10
 match ip address 101
!
access-list 101 deny tcp host 192.168.1.10 eq 21 any
access-list 101 permit ip host 192.168.1.10 any

HTH

Laurent.

2 REPLIES
Cisco Employee

Re: NAT question - Map port 21 to one internal IP and all other

HI Jesper,

The following configuration should work but not tested

ip nat inside source static tcp 192.168.1.20 21  21

ip nat inside source static 192.168.1.10  route-map NAT reversible
!
route-map NAT permit 10
 match ip address 101
!
access-list 101 deny tcp host 192.168.1.10 eq 21 any
access-list 101 permit ip host 192.168.1.10 any

HTH

Laurent.

New Member

Re: NAT question - Map port 21 to one internal IP and all other

Hi Laurent,

Thx so much for your answer!

I sadly never got to test it - but I will do it as soon as I can on another setup.

Thank you for your help!

1235
Views
0
Helpful
2
Replies
CreatePlease to create content