Need sample config for a Cisco 1921

Several years since I did any Cisco routers.

I am familiar with the mechanics of programming them, but lots has changed.

Can anyone provide a sample config for a basic configuration NAT, with normal port forwards (25, 80, 443, 3389, etc...)

Thanks
DagwoodBumsteadAsked:
Who is Participating?
 
WissamSenior Network EngineerCommented:
i agree with the beggining of the configurations
int f0/0
ip address 192.168.1.1 255.255.255.0
 ip nat inside
int f0/1
ip address 64.100.90.1 255.255.255.0
 ip nat outside

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface f0/1 overload

However the static mapping works as:
ip nat inside source static tcp (Inside Local IP add) (local_PORT) (Inside Global IP add) (global_PORT)
So it will be
!static ip addresses
ip nat inside source static tcp  192.168.1.20 25 64.100.90.1 25
ip nat inside source static tcp 192.168.1.21 80 64.100.90.1 80
ip nat inside source static tcp 192.168.1.22 443 64.100.90.1 443
ip nat inside source static tcp 192.168.1.23 3389 64.100.90.1 3389
0
 
rfc1180Commented:
something like:

int f0/0
ip address 192.168.1.1 255.255.255.0
 ip nat inside
int f0/1
ip address 64.100.90.1 255.255.255.0
 ip nat outside

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface f0/1 overload

!static ip addresses
ip nat inside source static tcp 64.100.90.1 25 192.168.1.20 25
ip nat inside source static tcp 64.100.90.1 80 192.168.1.21 80
ip nat inside source static tcp 64.100.90.1 443 192.168.1.22 443
ip nat inside source static tcp 64.100.90.1 3389 192.168.1.23 3389

Billy


0
 
rfc1180Commented:
>However the static mapping works as:
ip nat inside source static tcp (Inside Local IP add) (local_PORT) (Inside Global IP add) (global_PORT)


agreed, did not catch that mistake
0
 
DagwoodBumsteadAuthor Commented:
Thanks for the responses... in the snippet above, is all egress from the network allowed, or do I need to specify to allow some ports to leave the network?
0
 
WissamSenior Network EngineerCommented:
        access-list 1 permit 192.168.1.0 0.0.0.255
Allow traffic from internal LAN pcs to internet

While:!static ip addresses:
         ip nat inside source static tcp  192.168.1.20 25 64.100.90.1 25  
from internet to 64.100.90.1 port 25 to be destined to Server 192.168.1.20 port 25...
etc
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.