1720 Config Help. NAT and Port Forwarding...

Group,

I need to configure this 1720 router to allow inbound TCP connections on
port 407 and directed to 192.168.1.28. This is a Timbuktu VPN pipe.

Here is the simple config currently. Just running NAT.

Thanks for the help.

Dan

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname gatewayrt

!

no logging console

enable secret 5 $1$EYzP$Fg5WeKMquS9QkZAT/hAPQ2

!



!

memory-size iomem 25

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

!

!


interface Serial0

ip address 67.165.0.126 255.255.255.252

ip nat outside

encapsulation frame-relay IETF

no ip route-cache

frame-relay interface-dlci 500

frame-relay lmi-type ansi

!

interface FastEthernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

speed auto

full-duplex

!

ip nat pool graphic 67.165.33.97 67.165.33.97 netmask 255.255.255.240

ip nat inside source list 1 pool graphic overload

ip classless

ip route 0.0.0.0 0.0.0.0 67.165.0.125

no ip http server

!

access-list 1 permit any

!

line con 0

transport input none

line aux 0

line vty 0 4

password 7 11032C114142056D57

login

!

no scheduler allocate

end

 

This configuration won't work for port forwarding.
You need to use static nat translation so the destination ports are
statically mapped (the same inside and outside) not arbritarily allocated.
e.g.

ip nat inside source static tcp 192.168.1.28 407 interface serial 0 407

 

So can I use a command like this in addition to the config I have now or do
I need to rework all the NAT and then use a command like you illustrated?

I guess what I am saying is where do I go from here if I have the config
listed below?

Thanks!

Dan

 

No, overloading works fine in combination with the command I gave you.
IOS will process the port forwarding nat rules first, so anything that
doesn't fall into the category will be part of the overloading.