Hi all
Does anyone knows how to configure a Cisco router to open port for just one external IP address.
I'm using following command but does not seems to be working.
ip nat inside source static tcp (internal IP of the server) 8080 (external IP address) 8080 extendable
Thanks
Marek
0
Open port 80 only for one external IP address on Cisco router
Started by
marek_w
, Apr 20 2012 12:45 AM
Cisco router
3 replies to this topic
#2
syedabbas
-
- Technical Experts
-
- 573 posts
Hardware & Microsoft
- Gender:Male
- Location:India
- Interests:Interested in Microsoft Products and in the field of networking and security. Have completed my A+,MCP,MCTS and now hoping to get my RHCE soon.
Posted 30 April 2012 - 04:25 AM
Hi marek_w,
Welcome to our forum.
Please take a bit time to check our forum rules and please post Your querries in appropriate Section.
The Question which you posted whould be actually posted in "OPERATING SYSTEMS & NETWORK MANAGEMENT"
If you post in correct section you will get your querries answered soon.
Requesting Mods to Please move it to correct section.
Regards,
Syed Abbas
Welcome to our forum.
Please take a bit time to check our forum rules and please post Your querries in appropriate Section.
The Question which you posted whould be actually posted in "OPERATING SYSTEMS & NETWORK MANAGEMENT"
If you post in correct section you will get your querries answered soon.
Requesting Mods to Please move it to correct section.
Regards,
Syed Abbas
#3
MarkinManchester
-
- Veterans
-
- 3928 posts
Village Elder
- Gender:Male
- Location:KABUL
Posted 30 April 2012 - 04:42 AM
interface ethernet 0
ip address 172.16.10.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface serial 0
ip address 200.200.200.5 255.255.255.252
ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 8080
As your example only has one address so the so the use of "extendable" is not required, in the situation below you would require it.
NAT extendable
IOS does not allow allow two static translation with the same local addresses. However there are situation where customer might require two identical local addresses to be translated to different global addresses. The keyword extendable is used to achieve this.
Example:
ip nat inside source static 192.168.10.60 239.10.10.10 extendable
ip nat inside source static 192.168.10.60 239.20.20.20 extendable
The keyword extendable allows several static ambiguous address translation, ambiguous being the same local address or same global address.
Mark
ip address 172.16.10.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface serial 0
ip address 200.200.200.5 255.255.255.252
ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 8080
As your example only has one address so the so the use of "extendable" is not required, in the situation below you would require it.
NAT extendable
IOS does not allow allow two static translation with the same local addresses. However there are situation where customer might require two identical local addresses to be translated to different global addresses. The keyword extendable is used to achieve this.
Example:
ip nat inside source static 192.168.10.60 239.10.10.10 extendable
ip nat inside source static 192.168.10.60 239.20.20.20 extendable
The keyword extendable allows several static ambiguous address translation, ambiguous being the same local address or same global address.
Mark
#4
talent pk
-
- Technical Experts
-
- 4025 posts
Cisco Newbie
- Gender:Male
- Location:Pakistan
- Interests:Oracle
Posted 16 May 2012 - 03:23 AM
ip nat inside source static tcp (internal ip) 80 (external ip) 80
actually you are using wrong port here
you might be using internal proxy port which is 8080,if you want direct you need to keep that single private pc out of proxy and give it a direct internet access via cisco router. just use the above command. otherwise your internal LAN proxy server will always be hurdle in NAT
remember NAT and proxy conflict
actually you are using wrong port here
you might be using internal proxy port which is 8080,if you want direct you need to keep that single private pc out of proxy and give it a direct internet access via cisco router. just use the above command. otherwise your internal LAN proxy server will always be hurdle in NAT
remember NAT and proxy conflict
Edited by talent pk, 16 May 2012 - 03:25 AM.
Also tagged with one or more of these keywords: Cisco router
CERTIFICATION →
CISCO SYSTEMS →
CISCO WIRELESS (CCNA, CCNP, CCIE) →
Cisco 1941 with DOCSIS 2.0-based cable modem card for Virgin broadbandStarted by marek_w , 18 Apr 2012  Cisco router
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
