Sign in with
Sign up | Sign in
Your question

Port Forwarding Cisco 2811

Last response: in Networking
Share
April 9, 2013 10:56:53 PM

Can anyone help me configure Cisco 2811 on Port Forwarding.

I have 6 public ip 210.xx.xx.224/29 need to port forward to private ip 10.xx.xx.0/24.

i need some public ip directly mapped to private ip:
210.xx.xx.225 >> 10.xx.xx.1 (router)
210.xx.xx.227 >> 10.xx.xx.3 (svr1)
210.xx.xx.228 >> 10.xx.xx.4 (svr2)

some public ip mapped to 2 private ip:
210.xx.xx.226 >> 10.xx.xx.2 (svr3)
10.xx.xx.225 (svr6)
210.xx.xx.229 >> 10.xx.xx.5 (svr4)
10.xx.xx.226 (svr7)
210.xx.xx.230 >> 10.xx.xx.6 (svr5)
10.xx.xx.227 (svr8)

hope somebody could help.
Thanks
April 9, 2013 11:08:28 PM

you need to know cli...
you have 6 ports on the untrust, 1 each, set ip on wan as you have and...
m
0
l
April 10, 2013 6:59:34 AM

Unfortunately you have a lots of learning to do, the way you ask the question leads me to believe you have not configured cisco nat before.

So the answers you want
For the simple ones a example statement is

IP NAT INSIDE SOURCE STATIC 10.xx.xx.4 210.xx.xx.228

The other ones you can't do. You cannot map a outside address to multiple servers. Now you can map say port 25 to one server and port 80 to another. A example of tcp port forwarding for port 80 is.

ip nat inside source static tcp 10.xx.xx.5 80 210.xx.xx.229 80 extendable
m
0
l
Related resources
April 10, 2013 8:22:45 AM

Sorry i really haven't tried to configure router before that's why i'm asking. I only have a little knowledge.
Here's what i did, i mapped 1 to 1 on two public ip to private ip:

1. IP NAT INSIDE SOURCE STATIC 10.xx.xx.3 210.xx.xx.227
2. IP NAT INSIDE SOURCE STATIC 10.xx.xx.4 210.xx.xx.228

For the remaining 3 public ip which will be used by 6 private ip with different port:

ex:
10.xx.xx.2 (svr3) & 10.xx.xx.225 (svr6) will used 210.xx.xx.226
10.xx.xx.5 (svr4) & 10.xx.xx.226 (svr7) will used 210.xx.xx.229
10.xx.xx.6 (svr5) & 10.xx.xx.227 (svr8) will used 210.xx.xx.230

what i did, i create 210.xx.xx.226, 210.xx.xx.229 & 210.xx.xx.230 on each different pool:

1.
ip nat inside source list 101 pool Public_Pool-A overload
access-list 101 permit ip host 10.xx.xx.2 any
access-list 101 permit ip host 10.xx.xx.225 any

2.
ip nat inside source list 102 pool Public_Pool-B overload
access-list 102 permit ip host 10.xx.xx.5 any
access-list 102 permit ip host 10.xx.xx.226 any

3.
ip nat inside source list 103 pool Public_Pool-B overload
access-list 103 permit ip host 10.xx.xx.6 any
access-list 103 permit ip host 10.xx.xx.227 any

4.
how to add rdp port to access-list from any ip outside access to inside ip 10.xx.xx.6 on port 6969?

what i need is that, all private ip can go out to the internet.
only some ports are open on lan which is accessible from internet.
thanks
m
0
l
April 10, 2013 9:56:31 AM

What you have will work you just need to add the port level nats for 10.xx.xx.6

If I read it right you want to map the outside address with the default RDP port of 3389 to the inside server on port 6969 ?

ip nat inside source static tcp 10.xx.xx.6 6969 ??.??.??.?? 3389 extendable




m
0
l
!