We need to be able to forward ports to destination address 192.168.10.5: Ports are: 25 80 110 443 4125 3389 needs to be allowed only from a specific WAN IP x.x.x.x. I have tried manipulating the access lists, applying NAT translation rules, and followed some of Cisco's tutorials on this, but have had no success. I am sure I am missing something very simple, but not sure what it is. Any ideas? Or just a step-by-step process recommendation would be helpful! Thanks, and cheers!


NAT/ACL
Your NAT config would be something like this:
! "interface FastEthernet0" can be replaced by the WAN IP
ip nat inside source static tcp 192.168.10.5 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.10.5 25 interface FastEthernet0 25
ip nat inside source static tcp 192.168.10.5 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.10.5 3389 interface FastEthernet0 3389
ip nat inside source list 1 interface FastEthernet0 overload
And your ACL:
access-list 101 permit tcp any host (wan ip) eq 80
access-list 101 permit tcp any host (wan ip) eq 25
access-list 101 permit tcp any host (wan ip) eq 110
access-list 101 permit tcp host (remote wan ip) host (wan ip) eq 3389
ip nat inside source static tcp
ip nat inside source static tcp 192.168.10.5 110 interface fa x/y 110
Repeat for all ports needed. To limit RDP to a single address only, either use route-map in ip nat, or configure ACL on the WAN port.
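
The two answers above combined into one configuration, as an added example that is not from either poster. It assumes FastEthernet0 is the WAN interface, Vlan1 the LAN interface and a /24 LAN, and uses documentation addresses 203.0.113.10 (router WAN IP) and 198.51.100.7 (the permitted remote address) as placeholders. It follows the first answer's reading that only 3389 is restricted, and it includes the step of binding the ACL to the WAN interface.

```cisco
! Constructed example; interface names, the /24 mask and both public
! addresses are placeholders, not values from the original thread.
interface FastEthernet0
 description WAN
 ip nat outside
 ! An ACL has no effect until it is bound to an interface.
 ip access-group 101 in
!
interface Vlan1
 description LAN
 ip nat inside
!
! Outbound PAT for LAN hosts (the "list 1" the first answer refers to).
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0 overload
!
! One static translation per forwarded port, all to 192.168.10.5.
ip nat inside source static tcp 192.168.10.5 25 interface FastEthernet0 25
ip nat inside source static tcp 192.168.10.5 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.10.5 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.10.5 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.10.5 4125 interface FastEthernet0 4125
ip nat inside source static tcp 192.168.10.5 3389 interface FastEthernet0 3389
!
! Inbound ACLs on the outside interface are checked before NAT, so the
! destination to match is the WAN address, not 192.168.10.5.
access-list 101 permit tcp any host 203.0.113.10 eq 25
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp any host 203.0.113.10 eq 110
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-list 101 permit tcp any host 203.0.113.10 eq 4125
! RDP only from the single permitted remote address.
access-list 101 permit tcp host 198.51.100.7 host 203.0.113.10 eq 3389
! Replies to TCP sessions opened from the LAN. This is not stateful:
! UDP replies (for example DNS) and ICMP need their own entries or an
! inspection feature, otherwise the final deny drops them.
access-list 101 permit tcp any any established
! Explicit deny with logging so blocked attempts show up in the log.
access-list 101 deny ip any any log
```

After applying it, `show ip nat translations` should list the six static entries and `show access-lists 101` shows per-line hit counters, which makes it easy to see whether test connections match the intended entry or the final deny.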