
question about static nat addition to my config


framewraith

Here is my current config:

Using 1209 out of 29688 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname wwent
!
enable password
!
memory-size iomem 25
ip subnet-zero
ip name-server 151.164.67.201
ip name-server 151.164.1.8
!
!
!
!
!
interface FastEthernet0
 description TO LOCAL LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial0
 description SBIS CKT 44.HXGM.001138/SBIS 1-888-212-5411
 no ip address
 encapsulation frame-relay IETF
 fair-queue 64 256 0
 service-module t1 timeslots 1-6
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 ip address 151.x.69.106 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 16
!
ip nat pool pool1 216.x.21.209 216.x.21.212 netmask 255.255.255.240
ip nat inside source list 1 pool pool1 overload
ip nat inside source static 192.168.0.218 216.x.21.222
ip classless
ip route 0.0.0.0 0.0.0.0 151.x.69.105
no ip http server
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
 password
 logging synchronous
 login
line aux 0
 password
 login
 transport input all
 flowcontrol hardware
line vty 0 4
 password
 login
!
no scheduler allocate
end

To add my mail server IP, do I just need to add the following:

ip nat inside source static 192.168.0.215 216.x.21.215

Or do I need to add something else?
I am going to have to access lots of different ports because I need to enable webmail (https) as well as the standard POP/SMTP ports.

I am new to Cisco routers, so a step by step would be helpful. Thanks.
 
That would work, but if this is an internet connection then you should maybe get a bit more protective and only map the ports that are needed. Otherwise, without any additional ACLs or firewalling, the machines that have static NATs set up are open to attack. To only allow SMTP to your mail server, map the TCP port instead of just the IP address:

ip nat inside source static tcp 192.168.0.215 25 216.x.21.215 25

Andy
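
An added example, not part of the original posts: a small Python check for the exposure described in the reply above. It flags static NAT entries that map a whole address rather than a single port, and outside interfaces with no inbound ACL. The sample config is constructed from the thread's lines; the function name `audit_nat` and the finding labels are this example's own.

```python
# Constructed sample: lines taken from the thread's config plus the
# per-port mapping suggested in the reply (addresses masked as on the page).
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Serial0.1 point-to-point
 ip address 151.x.69.106 255.255.255.252
 ip nat outside
!
ip nat inside source static 192.168.0.218 216.x.21.222
ip nat inside source static tcp 192.168.0.215 25 216.x.21.215 25
"""


def audit_nat(config):
    """Return a list of findings about static NAT exposure in an IOS-style config."""
    findings, ifaces, current = [], [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            current = None  # a "!" or blank line ends the interface block
        elif tok[0] == "interface":
            current = {"name": tok[1], "outside": False, "acl_in": None}
            ifaces.append(current)
        elif tok[:5] == ["ip", "nat", "inside", "source", "static"]:
            args = tok[5:]
            if args and args[0] in ("tcp", "udp") and len(args) >= 5:
                # Per-port form: proto local-ip local-port global-ip global-port
                proto, local, lport, glob, gport = args[:5]
                findings.append(f"PORT-MAPPED {glob}:{gport}/{proto} -> {local}:{lport}")
            elif len(args) >= 2:
                # Whole-address form: every port on the inside host is reachable
                findings.append(f"EXPOSED all ports {args[1]} -> {args[0]}")
        elif current and tok == ["ip", "nat", "outside"]:
            current["outside"] = True
        elif current and tok[:2] == ["ip", "access-group"] and tok[-1] == "in":
            current["acl_in"] = tok[2]
    for iface in ifaces:
        if iface["outside"] and iface["acl_in"] is None:
            findings.append(f"NO-INBOUND-ACL {iface['name']}")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```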
 
OK,
so I need to find out what ports to allow, such as 25, 110, and whatever the webmail (https) port runs on.

Do I also have to make access lists, or can I just map each port first and then add access lists later?


And this line can be added anywhere? Or does it go where the others are?
 