
Cisco 1600 - NAT & Port Forwarding?

Status
Not open for further replies.

ElijahBaley

IS-IT--Management
May 4, 2001
1,598
GB

Hi

Just wondered if the 1600 series were capable of Network Address Translation and Port Forwarding.

What I want to do is assign a public IP address to an interface and have an access list or whatever forward to an internal reserved IP address allowing connections on only the specified ports.

Thanks

EB
 
EB,
The c1600 can do NAT if you are running IP Plus. There are several basic forms of NAT. Here is a quick overview.

1. Static NAT. - Maps internal (private) address to public (registered) address one-to-one.

2. Dynamic NAT. - Maps several internal addresses to a group of public addresses.

3. Overloading (PAT) - Maps several internal addresses to a single public address using different ports (PAT).

4. Overlapping - Used if your internal network has registered addresses which need to be mapped to other public addresses.

Decide which scenario (most likely 1, 2 or 3) suits your network and we can post some sample configs for that particular form of NAT.

JimmyZ
 
Thanks JimmyZ,

I think that option 1 will suit, but I like the sound of 3. I assume that after I have mapped the IPs, an extended access list will provide the security of only allowing connections from hosts to specific ports?

What is IP Plus?

Some example configs would be very helpful and interesting, thanks again for your help,

EB
 
EB,

For static NAT:

1. Set up the NAT statement:
Router(config)#ip nat inside source static <private IP> <public IP>

2. Apply NAT to internal ethernet (private):
Router(config-if)#ip nat inside

3. Apply NAT to external ISP interface (public):
Router(config-if)#ip nat outside

4. Create access-list as appropriate, e.g.:
Router(config)#access-list 100 permit tcp any host <NAT IP of server> eq <port>

5. Apply the access-list to the external interface:
Router(config-if)#ip access-group 100 in

If you do a show ip nat translation, it will show you your current NAT config.

JimmyZ
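
The five steps from the post above, assembled into one configuration (an added example, not part of the original thread). The interface names Ethernet0 and Serial0, the addresses 192.168.1.10 and 203.0.113.10, and port 80 are constructed sample values.

```ios
! Constructed sample values:
!   192.168.1.10 = internal server (private address)
!   203.0.113.10 = public address (documentation range)
!   port 80      = the only service to expose
! Ethernet0 (LAN) and Serial0 (ISP link) are assumed interface names.
!
! Step 2: mark the LAN interface as NAT inside
interface Ethernet0
 ip nat inside
!
! Steps 3 and 5: mark the ISP interface as NAT outside and filter
! traffic arriving on it with access-list 100
interface Serial0
 ip nat outside
 ip access-group 100 in
!
! Step 1: one-to-one static translation for the server
ip nat inside source static 192.168.1.10 203.0.113.10
!
! Alternative to step 1, on IOS releases that support static port
! translation: translate only TCP port 80 instead of the whole address
! ip nat inside source static tcp 192.168.1.10 80 203.0.113.10 80
!
! Step 4: an inbound ACL on the outside interface is checked before the
! outside-to-inside translation, so it matches the public address.
! The "eq" keyword requires tcp or udp, not ip.
access-list 100 permit tcp any host 203.0.113.10 eq 80
!
! Replies to TCP sessions opened from the inside. Without this entry the
! implicit deny at the end of the list drops them. UDP replies (DNS, for
! example) are not covered by "established" and need their own entries.
access-list 100 permit tcp any any established
!
! Make the final deny explicit so that dropped packets are logged
access-list 100 deny ip any any log
```

With the static one-to-one mapping, every port on 192.168.1.10 is translated, so access-list 100 is the only thing limiting exposure to port 80.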
 
EB,
In addition to the above post, IP Plus is the feature set of the IOS image on your router. The basic IOS is IP (only). IP Plus allows you to run additional IOS features such as NAT, OSPF, BGP etc. Likewise, to run VPN or Firewall features, you need to acquire the IOS feature set for those functions (i.e. IP Plus/FW/IDS/IPSEC56).

So you'll need to do a show version to check your current IOS version, and go to the Cisco site to confirm the feature set for that IOS image using their IOS feature matrix util.

JimmyZ
 