1. Home
  2. Cisco Systems
  3. How to set up a PAT rule on a Cisco 837

How to set up a PAT rule on a Cisco 837

Can anyone give me guidance or point me to some documentation (with examples) on setting up PAT rules on the 837. I need a rule to translate incomming traffic on port 22 to port 16955 on a server connected to the DMZ port (ethernet2) of my

837.

This was quite easy to do on a Linksys or Vigor ADSL router (pseudo DMZ notwithstanding) but seems to be rather more difficult to acheive on an 837. I have looked at Cisco's documentation (via Google search) but I haven't found anything that explains this in an easy to understand manner.

Thanks in advance.

Reply to
John Chajecki
Loading thread data ...

John,

Hi.

It's a long time since I did this on my home connection, it's changed now, however, from memory I recall that I had to mess around somewhat. To save yourself time check out the following example based on a Cisco 827, the basics should be similar.

formatting link
The bits I pieced together from my old config were something like:

interface Dialer0 description +++ Connection To ISP ADSL +++ ip address xxx.xxx.xxx.xxx 255.255.255.240 (or ip address negotiated) ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname snipped-for-privacy@xxxx.xxxxxxx.co.uk ppp chap password xxxxxxxx !

My PAT entries were something like:

ip nat inside source list 1 interface Dialer0 overload ip nat inside source static tcp 10.10.10.10 443 interface Dialer0 443 ip nat inside source static tcp 10.10.10.10 23 interface Dialer0 23 ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ip http server ip http secure-server

Your source list (1) of course would be your LAN range going out. The statics represent a LAN host and port number that were mapped.

I can't find the old access-list that I had but had an entry in from the outside (tied to Di0) permitting the relevant traffic back in. Again the link supplied will give you a full picture. Best to add the IP inspect stuff as well for additional security.

HTH.

Regards

Darren

Reply to
Darren Green

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.