Problem with ip nat inside source static

marianares0001
Level 1

Hi,

I need to open a port in a Cisco 2911 router to permit the connection to a piece of equipment that is inside the LAN, but my configuration doesn't work.

I have 3 interfaces configured: two WAN interfaces (one is a backup of the other) and a LAN interface. The configuration is this (public IPs are changed):

track 1 ip sla 1 reachability
!
!
interface GigabitEthernet0/0
 description backup
 ip address 176.55.25.25 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description primary
 ip address 192.168.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
!
interface Vlan1
 description LAN segment
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 load-interval 30
!
ip forward-protocol nd
!
ip nat inside source route-map backup interface GigabitEthernet0/0 overload
ip nat inside source route-map primary interface GigabitEthernet0/1 overload
ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 5995 extendable
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 1
ip route 0.0.0.0 0.0.0.0 176.55.25.26 254
!
ip sla 1
 icmp-echo 95.110.100.100
 threshold 2
 timeout 4000
 frequency 10
ip sla schedule 1 life forever start-time now
access-list 5 permit any
!
!
route-map backup permit 10
 match ip address 5
 match interface GigabitEthernet0/0
!
route-map primary permit 10
 match ip address 5
 match interface GigabitEthernet0/1
!
track 1 ip sla 1 reachability
!

I would appreciate it if somebody could help me find what is wrong in this configuration.

Thanks in advance

16 Replies

marianares0001
Level 1

Hi,

I am still trying to solve this problem. I have also tried this "nat inside source static" configuration:

ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 6995 route-map GigabitEthernet0/0

ip nat inside source static udp 192.168.1.3 6000 192.168.2.2 6995 route-map GigabitEthernet0/1

But with no success.

I would appreciate it if somebody could help me with this.

Thanks in advance
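As an added example (my own code, not from the thread or from Cisco), a small Python lint that cross-checks the objects the NAT statements above depend on: that the global address of each static rule is configured on an `ip nat outside` interface, that every route-map a NAT statement names exists, and that the ACL a route-map matches exists. The `route-map` keyword in a static NAT statement takes the name of a route-map, and this router defines route-maps called `backup` and `primary`, so running the check over the first post's configuration together with the two variants tried in this reply reports the variants. The parser, the trimmed sample configs and the finding texts are my constructions; the assumption that `!` ends a block is stated in the class docstring.

```python
import re
from typing import Dict, List, Set


class NatLint:
    """Cross-check the objects an IOS NAT port-forward depends on.

    Parsing assumptions (mine, not from the thread): '!' ends an interface or
    route-map block, which fits 'show run' output and the flattened copy posted
    above alike; only the statement forms seen in the thread are recognised.
    """

    def __init__(self, text: str) -> None:
        self.interfaces: Dict[str, Dict[str, str]] = {}  # name -> {"ip", "nat"}
        self.route_maps: Dict[str, Set[str]] = {}        # name -> ACLs it matches
        self.acls: Set[str] = set()
        self.static_rules: List[dict] = []
        self.dynamic_rules: List[dict] = []
        self._parse(text)

    def _parse(self, text: str) -> None:
        ctx_kind = ctx_name = None  # block we are inside: "if" or "rm"
        for raw in text.splitlines():
            line = raw.strip()
            if not line:
                continue
            if line.startswith("!"):
                ctx_kind = ctx_name = None
            elif m := re.match(r"^interface (\S+)$", line):
                ctx_kind, ctx_name = "if", m.group(1)
                self.interfaces[ctx_name] = {"ip": "", "nat": ""}
            elif m := re.match(r"^route-map (\S+) (?:permit|deny) \d+$", line):
                ctx_kind, ctx_name = "rm", m.group(1)
                self.route_maps.setdefault(ctx_name, set())
            elif m := re.match(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)(?: (.*))?$", line):
                proto, lip, lport, gip, gport, tail = m.groups()
                rm = re.search(r"route-map (\S+)", tail or "")
                self.static_rules.append({"proto": proto, "local": f"{lip}:{lport}",
                                          "global": f"{gip}:{gport}", "global_ip": gip,
                                          "route_map": rm.group(1) if rm else None})
            elif m := re.match(r"^ip nat inside source route-map (\S+) interface (\S+)", line):
                self.dynamic_rules.append({"route_map": m.group(1), "interface": m.group(2)})
            elif m := re.match(r"^(?:access-list (\S+) |ip access-list \S+ (\S+))", line):
                self.acls.add(m.group(1) or m.group(2))
            elif ctx_kind == "if":
                if m := re.match(r"^ip address (\S+) \S+$", line):
                    self.interfaces[ctx_name]["ip"] = m.group(1)
                elif m := re.match(r"^ip nat (inside|outside)$", line):
                    self.interfaces[ctx_name]["nat"] = m.group(1)
            elif ctx_kind == "rm":
                if m := re.match(r"^match ip address (\S+)$", line):
                    self.route_maps[ctx_name].add(m.group(1))

    def findings(self) -> List[str]:
        """Inconsistencies between NAT statements and the objects they name.
        An empty list only means the names line up; routing, inbound ACLs and
        the host itself are not checked here."""
        out: List[str] = []
        outside = {v["ip"] for v in self.interfaces.values() if v["nat"] == "outside"}
        for r in self.static_rules:
            tag = f"static {r['proto']} {r['local']} -> {r['global']}"
            if r["global_ip"] not in outside:
                out.append(f"{tag}: global address is not on an 'ip nat outside' interface")
            if r["route_map"] and r["route_map"] not in self.route_maps:
                out.append(f"{tag}: route-map '{r['route_map']}' is not defined")
        for r in self.dynamic_rules:
            if r["route_map"] not in self.route_maps:
                out.append(f"overload on {r['interface']}: route-map '{r['route_map']}' is not defined")
        for name, acls in self.route_maps.items():
            for acl in sorted(acls - self.acls):
                out.append(f"route-map '{name}': access-list {acl} is not defined")
        return out


def lint(*fragments: str) -> List[str]:
    """Lint one or more config fragments taken together."""
    return NatLint("\n".join(fragments)).findings()


# Constructed sample: the NAT-relevant lines of the config posted in the thread.
THREAD_CONFIG = """
interface GigabitEthernet0/0
 ip address 176.55.25.25 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.2.2 255.255.255.252
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source route-map backup interface GigabitEthernet0/0 overload
ip nat inside source route-map primary interface GigabitEthernet0/1 overload
ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 5995 extendable
access-list 5 permit 192.168.1.0 0.0.0.255
route-map backup permit 10
 match ip address 5
route-map primary permit 10
 match ip address 5
"""

# Constructed sample: the two per-WAN static rules tried in the follow-up post.
FOLLOW_UP_RULES = """
ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 6995 route-map GigabitEthernet0/0
ip nat inside source static udp 192.168.1.3 6000 192.168.2.2 6995 route-map GigabitEthernet0/1
"""
```

`lint(THREAD_CONFIG)` returns no findings, while `lint(THREAD_CONFIG, FOLLOW_UP_RULES)` reports both follow-up rules because the route-maps they name do not exist. The check is deliberately narrow: it says nothing about which WAN the reply traffic leaves on, which is a separate question from whether the statements reference real objects.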

Hi,

I would appreciate it if somebody could help me with this problem. It's very important.

Thanks in advance

What isn't working? Can you post your access-list 5?

HTH, John *** Please rate all useful posts ***

I cannot open the port to remotely connect to the equipment with IP 192.168.1.3 through port 6000 with this command:

ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 5995 extendable

Access-list 5 is:

access-list 5 permit any

Thanks!

You'll want to change your acl to permit only the subnet you want to translate:

access-list 5 permit 192.168.1.0 0.0.0.255

I didn't see the access-list above, but I see it now

HTH, John *** Please rate all useful posts ***

Thanks a lot,

I am changing the configuration remotely, so, do you think that I will lose the ssh connection if I change one access list to the other one?

Thanks!

You may... SSH into the public side and you should be able to change it.

HTH, John *** Please rate all useful posts ***

Hi,

I have changed the access-list, but I still can't connect to the IP and Port. The current configuration is:

track 1 ip sla 1 reachability
!
!
interface GigabitEthernet0/0
 description backup
 ip address 176.55.25.25 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description primary
 ip address 192.168.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
!
interface Vlan1
 description LAN segment
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 load-interval 30
!
ip forward-protocol nd
!
ip nat inside source route-map backup interface GigabitEthernet0/0 overload
ip nat inside source route-map primary interface GigabitEthernet0/1 overload
ip nat inside source static udp 192.168.1.3 6000 176.55.25.25 5995 extendable
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 1
ip route 0.0.0.0 0.0.0.0 176.55.25.26 254
!
ip sla 1
 icmp-echo 95.110.100.100
 threshold 2
 timeout 4000
 frequency 10
ip sla schedule 1 life forever start-time now
access-list 5 permit 192.168.1.0 0.0.0.255
!
!
route-map backup permit 10
 match ip address 5
 match interface GigabitEthernet0/0
!
route-map primary permit 10
 match ip address 5
 match interface GigabitEthernet0/1
!

Thanks

Hi,

can you try adding this:

ip nat inside source static udp 192.168.1.3 6000 192.168.2.2 5995 extendable

Regards.

Alain

Don't forget to rate helpful posts.

Thanks a lot for your help, but that also doesn't work...

What direction are you trying? From the outside or in? Can you do a "debug ip nat", try to get into the port, and then post the results from the debug? Are you 100% certain that this port is udp and whatever application that uses it is running?

Can you get into port 6000 from a local host?

HTH, John *** Please rate all useful posts ***

I try to connect to IP 176.55.25.25 through port 5995, to reach a piece of equipment behind the router with IP 192.168.1.3 and port 6000.

The first thing I thought was that there was a problem with the program used to connect, but I have also tried opening port 23 and using telnet, and that doesn't work either.

ip nat inside source static tcp 192.168.1.3 23 176.55.25.25 5995

From the router I can telnet to the IP 192.168.1.3 (from inside the network).

I cannot do a "debug" because with the last command I lost the SSH connection to the router...

I will try later, or I will ask someone to reload the router.

Thanks

If you can telnet to the host from the router, then your static translation should work. What is the default gateway on the host?

HTH, John *** Please rate all useful posts ***

Hello,

The configuration related to the NAT looks good; I would say there is something else stopping that traffic.

So the first thing I would suggest is to do a capture:

ip access-list extended TEST
 permit tcp any host 176.55.25.25 eq 5995
 permit udp any host 176.55.25.25 eq 5995
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group TEST in

Then try to connect to that server.

Afterwards do a show access-list TEST... We will need to see if there is a hit on that ACL. If not, well, the traffic is not reaching the router.

Regards,

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
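As an added example, not part of Julio's post, a Python helper that reads `show ip access-lists` output and applies the decision he describes: it parses the per-entry counters and reports whether the entries aimed at the public address and port have accumulated hits. The sample output is constructed to follow the IOS layout (sequence number, entry, then a `(N matches)` suffix once traffic has hit it); the function names and the verdict wording are mine.

```python
import re
from typing import Dict, List, NamedTuple


class Ace(NamedTuple):
    seq: int
    action: str
    rule: str
    matches: int


ACL_HEADER = re.compile(r"^(?:Extended|Standard) IP access list (\S+)\s*$")
# IOS appends "(N matches)" (or "(1 match)") to entries that have seen traffic.
ACE_LINE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")


def parse_access_lists(text: str) -> Dict[str, List[Ace]]:
    """Parse 'show ip access-lists' output into {acl name: [entries]}."""
    acls: Dict[str, List[Ace]] = {}
    current = None
    for line in text.splitlines():
        if m := ACL_HEADER.match(line):
            current = m.group(1)
            acls[current] = []
        elif current and (m := ACE_LINE.match(line)):
            seq, action, rule, hits = m.groups()
            acls[current].append(Ace(int(seq), action, rule, int(hits or 0)))
    return acls


def forward_hits(acls: Dict[str, List[Ace]], acl_name: str,
                 public_ip: str, port: int) -> Dict[str, int]:
    """Hit count per protocol for the entries aimed at public_ip:port."""
    needle = f"host {public_ip} eq {port}"
    return {a.rule.split()[0]: a.matches
            for a in acls.get(acl_name, []) if needle in a.rule}


def verdict(acls: Dict[str, List[Ace]], acl_name: str,
            public_ip: str, port: int) -> str:
    """Turn the counters into the decision described in the post above."""
    hits = forward_hits(acls, acl_name, public_ip, port)
    if not hits:
        return f"{acl_name}: no entry for {public_ip}:{port}"
    if sum(hits.values()) == 0:
        return "no hits: traffic is not reaching the router"
    seen = ", ".join(f"{p}={n}" for p, n in hits.items() if n)
    return f"traffic reaches the router ({seen}); look at the NAT and the host next"


# Constructed sample output, shaped like IOS 'show ip access-lists'.
SAMPLE_SHOW = """\
Extended IP access list TEST
    10 permit tcp any host 176.55.25.25 eq 5995 (12 matches)
    20 permit udp any host 176.55.25.25 eq 5995
    30 permit ip any any (48213 matches)
Standard IP access list 5
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (917 matches)
"""

if __name__ == "__main__":
    print(verdict(parse_access_lists(SAMPLE_SHOW), "TEST", "176.55.25.25", 5995))
```

With the sample counters the TCP entry has hits and the UDP entry has none, so the helper reports that traffic reaches the router on TCP and points the next check at the translation and the host; a capture with zero hits on both entries yields the "not reaching the router" verdict, which is the case Julio asks to rule out first.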