16 years ago
port forward / NAT problem that I posted about last week. I would very much
appreciate if someone more knowledgeable than myself would take a look at my
config and see if I am missing any major holes.
The basic design spec is...
A device on the outside (192.168.1.148) must be able to:
respond to snmp queries from devices on the inside LAN (192.168.253.0/24)
send snmp traps to inside host 192.168.253.242
respond to telnet connections from devices on the inside LAN
respond to pings from devices on the inside LAN
It must not be able to initiate any connections to either the router or any
The inside hosts must see the outside host as if it was inside at IP
The router must respond to inside pings and telnet requests using the E0
secondary address 192.168.253.254
Note that my description reverses the interface NAT settings.
E0 is actually the inside interface despite the ip nat outside command. I
could not get nat working with ip nat inside on the E0 and ip nat outside on
the E1. If anyone can tell me why I would be grateful.
The config I have is...
ip address 192.168.253.254 255.255.255.0 secondary
ip address 192.168.253.148 255.255.255.0
ip access-group 101 in
ip nat outside
ip address 192.168.1.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip nat inside source static 192.168.1.148 192.168.253.148 extendable
access-list 101 permit udp any host 192.168.253.148 eq snmp
access-list 101 permit icmp any host 192.168.253.148
access-list 101 permit icmp any host 192.168.253.254
access-list 101 permit tcp any host 192.168.253.148 eq telnet
access-list 101 permit tcp any host 192.168.253.254 eq telnet
access-list 102 permit udp host 192.168.1.148 any
access-list 102 permit icmp host 192.168.1.148 any echo-reply
access-list 102 permit tcp host 192.168.1.148 any established