I know you can nat all traffic on a port from outside to inside. ip nat inside source static udp 10.0.0.5 3389 200.100.200.111 3389 extendable
What I would like to do it take a specific external ip (153.56.10.25) talking on a specific port (23) and static NAT it to a specific IP (192.168.1.150) and port (23).
How can I accomplish this?
Thanks in advance!
Using exactly the same syntax as in your own example. Just substitute tcp/udp, the IP addresses and ports.
ip nat inside source static tcp 192.158.1.150 23 153.56.10.25 23
I *think* that the IP's are the right way around but it's been a while since I did NAT with IOS.
Chris.
that doesn't seem to work. I can do ip nat inside source static tcp 192.158.1.150 23 interface e0/1 23 (external interface) and it forwards all port 23 traffic to the inside host. But using the external host IP and port doesn't work. Any ideas?
chris wrote:
So if it works using the interface then why not do that?
Chris.
Because if I use the interface then 'all' traffic to port 23 from outside will be forwarded to inside. I only want it to forward a specific ip coming in on a specific port to a internal host.
chris wrote:
Then it sounds like what you are looking for is an ACL.
! interface ip nat outside ip access-group foo in ! ip nat inside source static tcp 23 8080 ! ip access-list foo permit tcp eq 8080 ip access-list foo deny tcp any eq 8080 ip access-list foo ... !
Your implementation details may vary.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.