Cisco 2821 Port Forwarding

I wanted to make sure my config for port forwarding will work.  The ISP router is in bridge mode and I will have a Cisco 2821 sitting behind it handling the Internet and port forwarding.  I fairly comfortable forwarding ports on a PIX, but I have come to realize that I haven't had to forward too many ports on an actual router.  The objective is pretty simple,  Internet access for everyone and open up a few ports for Terminal Server, etc.

Here's what I have:

interface fastethernet 0/0
description Public IP address
ip address xxx.x.xx.106 255.255.255.248
ip nat outside
duplex auto
speed auto
no shut

interface fastethernet0/1
speed 100
full-duplex
no shut

interface fastethernet0/1.100
description DATA VLAN
encapsulation dot1q 100 native
ip address 192.168.0.1 255.255.255.0
ip nat inside
no shut

ip route 0.0.0.0 0.0.0.0 xxx.x.xx.105

ip nat pool poolone xxx.x.xx.106 xxx.x.xx.106 netmask 255.255.255.248
ip nat inside source list 20 pool poolone overload
ip nat inside source static tcp 192.168.0.11 3389 xxx.x.xx.106 3389 extendable

access-list 20 permit 192.168.0.0 0.255.255.255

Thanks for your time and help!
LVL 4
jplagensAsked:
Who is Participating?
 
trinak96Commented:
Hi,
 
I would remove "p nat pool poolone xxx.x.xx.106 xxx.x.xx.106 netmask 255.255.255.248"
Change "ip nat inside source list 20 pool poolone overload" to : ip nat inside source list 20 interface fa0/0 overload
access-list 20 permit 192.168.0.0 0.0.0.255

Port forward looks good.
0
 
rsivanandanCommented:
Agree with the above, just copy paste these;

no ip nat nat pool poolone xxx.x.xx.106 xxx.x.xx.106 netmask 255.255.255.248
ip nat inside source list 20 int fa0/0 overload

ip nat inside source static tcp 192.168.0.11 3389 xxx.x.xx.106 3389 extendable

Cheers,
Rajesh
0
 
rsivanandanCommented:
Also don't forget to do this immediately to clear the existing translations;

clear ip nat translations *

Cheers,
Rajesh
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
jplagensAuthor Commented:
Thanks for the help.  I set this up today and everything worked perfectly.

One more quick question.  What if I need to use a second public IP address such as xxx.x.xx.107 for another port?  Do I just add it such as:

ip nat inside source static tcp 192.168.0.100 443 xxx.x.xx.107 443 extendable

0
 
rsivanandanCommented:
Yes Sir.

Cheers,
Rajesh
0
 
tbrowerCommented:
Hi I found this thread and I have a question, I have created a host A record to my Firewall but when I attempt the URL I am prompted for login credentials to the router through SDM .. Any idea on how to resolve this ?

Your help is appreciated

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.