Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Ip nat inside question (stuck!)

Reply
Thread Tools

Ip nat inside question (stuck!)

 
 
Taff
Guest
Posts: n/a
 
      01-24-2005
I have a router that is terminating Cisco inbound vpn client connections.
But I also need to port forward udp port 500 and 4500 to a client pc on the
inside of the network for third-party vpn connections.

If I add an ip nat inside static command then all my inbound vpn connections
will point at the inside Client PC and fail (I assume).

Is there a way of controlling the port forwarding by source address of the
external connection rather than or in addition to port number?

I only have one public ip address so one to one natting is out of the
question.

Any help would be much appreciated.

Cheers,
Taff.


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      01-24-2005
In article <41f580bc$(E-Mail Removed)>, Taff <(E-Mail Removed)> wrote:
:I have a router that is terminating Cisco inbound vpn client connections.
:But I also need to port forward udp port 500 and 4500 to a client pc on the
:inside of the network for third-party vpn connections.

:If I add an ip nat inside static command then all my inbound vpn connections
:will point at the inside Client PC and fail (I assume).

:Is there a way of controlling the port forwarding by source address of the
:external connection rather than or in addition to port number?

I believe you could use policy maps.

If you are using 12.2(4)T or later, you also have the option of doing
static PAT using ACLs -- before that, use of an ACL automatically meant
dynamic NAT.


:I only have one public ip address so one to one natting is out of the
:question.

Do the inside systems need to terminate the third-party connections?
Or do different inside systems need to connect to different third-party
termination points?
--
The image data is transmitted back to Earth at the speed of light
and usually at 12 bits per pixel.
 
Reply With Quote
 
 
 
 
Taff
Guest
Posts: n/a
 
      01-26-2005
Thanks for the response.
Can you give some examples of static pat using acl's for this type of
solution as I can't seem to find any related to routers (only pix).

Regards the inside systems qu - there is a single client on the inside that
will terminate a third party vpn (single source address).


"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:ct41ev$d3u$(E-Mail Removed)...
> In article <41f580bc$(E-Mail Removed)>, Taff <(E-Mail Removed)> wrote:
> :I have a router that is terminating Cisco inbound vpn client connections.
> :But I also need to port forward udp port 500 and 4500 to a client pc on

the
> :inside of the network for third-party vpn connections.
>
> :If I add an ip nat inside static command then all my inbound vpn

connections
> :will point at the inside Client PC and fail (I assume).
>
> :Is there a way of controlling the port forwarding by source address of

the
> :external connection rather than or in addition to port number?
>
> I believe you could use policy maps.
>
> If you are using 12.2(4)T or later, you also have the option of doing
> static PAT using ACLs -- before that, use of an ACL automatically meant
> dynamic NAT.
>
>
> :I only have one public ip address so one to one natting is out of the
> :question.
>
> Do the inside systems need to terminate the third-party connections?
> Or do different inside systems need to connect to different third-party
> termination points?
> --
> The image data is transmitted back to Earth at the speed of light
> and usually at 12 bits per pixel.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 837 - how to set up Inside to Inside NAT for DNS resolution? Jim Willsher Cisco 23 04-23-2008 09:56 AM
Inside to Inside NAT Jonathan Wright Cisco 2 04-16-2007 04:58 PM
Configuring an inside nat group on inside interface jaalcock@gmail.com Cisco 2 04-11-2006 02:16 AM
NAT Configuration question: verifying availability before NAT Sri Cisco 0 07-19-2005 02:13 PM
Re: nat (inside) 0 question al Cisco 0 07-25-2003 02:50 AM



Advertisments