Allow WAN access to LAN server Howto?

Discussion in 'Cisco' started by mikeyb, Aug 7, 2006.

  1. mikeyb

    mikeyb Guest

    I want to allow access to a service on an internal server by users on
    the internet.

    I have a cisco 1700 with version 12.3.

    I believe I need to add a NAT statement to my config and at least 1
    hole in my access-list rules to allow access to the service.

    For the sake of this post I'm using POP3 as the service.

    My (part) config follows with the lines I think I need to add with ****
    at the beginning:

    interface FastEthernet0
    description Connection to Internet
    ip address "WAN IP" 255.255.255.248
    ip access-group 199 in
    ip nat outside
    duplex auto
    speed auto
    crypto map cm-cryptomap
    !
    interface FastEthernet1
    no ip address
    !
    interface Vlan1
    ip address "host ip" 255.255.255.0
    ip access-group 101 in
    ip nat inside
    ip inspect fwinspect in
    !
    ip nat inside source route-map nonat interface FastEthernet0 overload
    ***ip nat inside source static "mail server" 110 "WAN IP" 110 extendable
    !
    access-list 101 permit ip any "local net" 0.0.0.255
    access-list 101 permit tcp host "mailserver" any eq smtp
    access-list 101 permit tcp any any eq www
    access-list 101 permit tcp any any eq 8080
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq ftp-data
    access-list 101 permit tcp any any eq nntp
    access-list 101 permit udp any any eq domain
    access-list 101 permit tcp any any eq pop3
    access-list 101 permit tcp any any eq 443
    access-list 101 permit tcp any any eq 1863
    access-list 101 permit tcp any any eq telnet
    access-list 101 permit tcp any any eq 123
    access-list 101 permit tcp any any eq 8443
    access-list 101 permit tcp any any eq 8005
    ***** access-list 101 permit tcp "mail server" any eq 110
    access-list 101 deny ip any any
    access-list 199 remark SDM_ACL Category=17
    access-list 199 permit vpn stuff
    ****access-list 199 permit any "WAN IP" eq 110

    Thanks for any help you can offer.

    Mike
    mikeyb, Aug 7, 2006
    #1
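
An added example, not part of the original post and not Cisco code: a minimal first-match evaluator for the access-list syntax in the post, run against the mail server's reply to an Internet POP3 client as that reply enters Vlan1 and is checked by ACL 101. The reply carries source port 110, so an entry with `eq 110` after the destination does not match it, while one with `eq pop3` after the source does. Assumptions: the addresses (192.168.1.10 for the mail server, 198.51.100.7 for the client), the `host` keyword on the starred line, and a parser that handles only `any`, `host`, contiguous wildcards and `eq`.

```python
import ipaddress

PORTS = {"smtp": 25, "pop3": 110}   # IOS port keywords used below

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous wildcards only)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok[:1] == ["eq"]:
        return int(PORTS.get(tok[1], tok[1])), tok[2:]
    return None, tok

def parse(line):
    action, proto, *tok = line.split()[2:]      # drop 'access-list N'
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, tok = _port(tok)
    return action, proto, src, sport, dst, dport

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, entry) for the first matching entry, as IOS does."""
    for line in acl:
        action, p, s, sp, d, dp = parse(line)
        if (p in ("ip", proto) and sp in (None, sport) and dp in (None, dport)
                and ipaddress.ip_address(src) in s
                and ipaddress.ip_address(dst) in d):
            return action, line
    return "deny", "implicit deny"

# Constructed addresses: mail server 192.168.1.10, Internet client 198.51.100.7
BASE = ["access-list 101 permit ip any 192.168.1.0 0.0.0.255",
        "access-list 101 permit tcp host 192.168.1.10 any eq smtp",
        "access-list 101 permit tcp any any eq pop3"]
DENY = ["access-list 101 deny ip any any"]
AS_POSTED = BASE + ["access-list 101 permit tcp host 192.168.1.10 any eq 110"] + DENY
SRC_PORT = BASE + ["access-list 101 permit tcp host 192.168.1.10 eq pop3 any"] + DENY

# The server's reply entering Vlan1: source port 110, ephemeral destination port
REPLY = ("tcp", "192.168.1.10", 110, "198.51.100.7", 51000)

if __name__ == "__main__":
    print(evaluate(AS_POSTED, *REPLY))   # falls through to the explicit deny
    print(evaluate(SRC_PORT, *REPLY))    # matched by the source-port entry
```

On a numbered ACL, an entry typed after `deny ip any any` is appended below it and never reached, so the position of the new line matters as much as its syntax.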