1720 Config Help. NAT and Port Forwarding...

Discussion in 'Cisco' started by ComputerMan, Apr 27, 2004.

  1. ComputerMan

    ComputerMan Guest

    Group,

    I need to configure this 1720 router to allow inbound TCP connections on
    port 407 and directed to 192.168.1.28. This is a Timbuktu VPN pipe.

    Here is the simple config currently. Just running NAT.

    Thanks for the help.

    Dan

    !
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname gatewayrt
    !
    no logging console
    enable secret 5 $1$EYzP$Fg5WeKMquS9QkZAT/hAPQ2
    !
    !
    memory-size iomem 25
    ip subnet-zero
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    interface Serial0
     ip address 67.165.0.126 255.255.255.252
     ip nat outside
     encapsulation frame-relay IETF
     no ip route-cache
     frame-relay interface-dlci 500
     frame-relay lmi-type ansi
    !
    interface FastEthernet0
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     speed auto
     full-duplex
    !
    ip nat pool graphic 67.165.33.97 67.165.33.97 netmask 255.255.255.240
    ip nat inside source list 1 pool graphic overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 67.165.0.125
    no ip http server
    !
    access-list 1 permit any
    !
    line con 0
     transport input none
    line aux 0
    line vty 0 4
     password 7 11032C114142056D57
     login
    !
    no scheduler allocate
    end
     
    ComputerMan, Apr 27, 2004
    #1

  2. ComputerMan

    Ben Guest

    This configuration won't work for port forwarding.
    You need to use static NAT translation so the destination ports are
    statically mapped (the same inside and outside), not arbitrarily allocated.
    e.g.

    ip nat inside source static tcp 192.168.1.28 407 interface serial 0 407
     
    Ben, Apr 28, 2004
    #2

  3. ComputerMan

    ComputerMan Guest

    So can I use a command like this in addition to the config I have now or do
    I need to rework all the NAT and then use a command like you illustrated?

    I guess what I am saying is where do I go from here if I have the config
    listed below?

    Thanks!

    Dan
     
    ComputerMan, Apr 28, 2004
    #3
  4. ComputerMan

    Ben Guest

    No, overloading works fine in combination with the command I gave you.
    IOS will process the port forwarding NAT rules first, so anything that
    doesn't fall into the category will be part of the overloading.
     
    Ben, Apr 29, 2004
    #4
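
The two replies above combined into one configuration, as an added example that is not part of the original thread: the existing overload rule stays, the static mapping is added beside it, and an inbound ACL limits who can reach the forwarded port. ACL number 101 and the peer address 203.0.113.10 (a documentation-range placeholder for the remote Timbuktu client) are assumptions, as is the ACL itself, which no one in the thread proposed.

```cisco
! Existing dynamic PAT from the original config, unchanged.
! Outbound sessions are translated to the pool address 67.165.33.97.
ip nat pool graphic 67.165.33.97 67.165.33.97 netmask 255.255.255.240
ip nat inside source list 1 pool graphic overload
!
! Static port mapping from Ben's reply. The "interface" form uses the
! Serial0 address, so remote clients must connect to 67.165.0.126:407,
! not to the pool address.
ip nat inside source static tcp 192.168.1.28 407 interface Serial0 407
!
! Added (assumption): without a filter, the static mapping exposes
! 192.168.1.28:407 to every host on the Internet.
! An inbound ACL on the outside interface is evaluated before NAT,
! so it matches the global address 67.165.0.126, not 192.168.1.28.
! 203.0.113.10 is a placeholder for the real remote peer.
access-list 101 permit tcp host 203.0.113.10 host 67.165.0.126 eq 407
access-list 101 deny   tcp any host 67.165.0.126 eq 407 log
! Everything else is left as it was before the ACL was applied,
! including return traffic for the overloaded sessions.
access-list 101 permit ip any any
!
interface Serial0
 ip access-group 101 in
!
! Verification from exec mode:
!   show ip nat translations   (the static entry is listed even with no traffic)
!   show access-lists 101      (per-line match counters; denied attempts are logged)
```

Apply the ACL from the console or confirm the permit lines first, since a mistake in an inbound ACL on Serial0 can cut off remote access to the router.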