Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Static NAT help

I need to permit the conexion from outside to inside in a 2911 Cisco router, only from an Public IP Address (supose 1.1.1.1) to some local private IPs.

I have one question:

Using the command:

ip nat inside source static tcp <local ip> <port> <global ip> <port>

The "global IP" can be the Public IP from where the connection starts (in this case 1.1.1.1)? or it must be the Public IP assigned the the Router interface connected to the Public Network.

Thanks

Everyone's tags (1)
3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Static NAT help

The Global Ip is for the front of the router, the access list applied to the interface would be what should be applied to secure the communications.

Green

Static NAT help

Hi,

This should help you to get started

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.
Silver

Static NAT help

if your ISP assigns to you 1.1.1.1, thats the ip you have to use as the gobal address (Source) to destination (example: 192.168.1.12).

---

Posted by WebUser Julio C. Padilla

8 REPLIES
New Member

Static NAT help

The Global Ip is for the front of the router, the access list applied to the interface would be what should be applied to secure the communications.

New Member

Static NAT help

Thanks for your quick reply.

Could you or anybody recommend any document regarding the NAT and access list?

Thanks

Green

Static NAT help

Hi,

This should help you to get started

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.
New Member

Static NAT help

Thanks!

New Member

Static NAT help

Hi,

The document recomended is good, but i would need a document that shows how to configure an access list to get from the internet to the private network also using NAT to redirect TCP traffic using ports. The NAT configuration would be like this:

ip nat inside source static tcp 1.1.1.1  5900 192.168.1.10 5900

Thanks

Purple

Static NAT help

Hi,

you don't need any ACL for the static NAT  or static PAT to work because this is a router not a firewall but you can configure either ACL inbound on the public side only permitting traffic you desire but don't forget return traffic for inside to outside communication so the best security wise would be to configure stateful IOS firewall with CBAC or the newer ZBF.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Static NAT help

Thanks for the quick reply, but mi idea is not to configure the firewall. What is required is only to give access to one public address to one private address, so that is what I would like to do.

Thanks

Silver

Static NAT help

if your ISP assigns to you 1.1.1.1, thats the ip you have to use as the gobal address (Source) to destination (example: 192.168.1.12).

---

Posted by WebUser Julio C. Padilla

646
Views
0
Helpful
8
Replies
CreatePlease to create content