Solved

NAT Specific IPs in Cisco router

Posted on 2011-09-27
7
424 Views
Last Modified: 2012-05-12
We have some IP addresses in a public DNS , assigned for different purposes for instance:
SMTP.mycompany.com =65.65.65.65
OWA.mycompany.com=66.66.66.66

we purchased the IPs listed above from the registrar.
I would like to know how to configure the NAT on Cisco router, so that when it receives:
65.65.65.65 on the external interface of the router it will NAT it and send it to 10.100.100.100 [our exchange Mailbox server IP]
66.66.66.66 on the external interface of the router it will NAT it and send it to 10.100.100.200 [our exchange Front End server IP]

How is this configured in Cisco Router?

thanks

0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 8

Accepted Solution

by:
psychogr earned 125 total points
ID: 36708660
You need to setup PAT on your cisco router.
Below are two links with two nice guides on how to setup NAT/PAT on your router.

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

http://www.routergeek.net/content/view/39/37/

Hope that helps.
0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 375 total points
ID: 36708676
Simplest version without specific port forwarding:
int INSIDEINTERFACENAME
ip nat inside

int OUTSIDEINTERFACENAME
ip nat outside

ip nat inside source static 10.100.100.100 65.65.65.65
ip nat inside source static 10.100.100.200 65.65.65.66

Open in new window

0
 

Author Comment

by:jskfan
ID: 36712216
I don't know if Port forwarding is mandatory..
The reason I am saying this because 65.65.65.65 will be an IP address reserved  for Exchange server email, when internet users send an email to mycompany.com
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 375 total points
ID: 36712293
Above commands will do a full nat for the addresses, e.g. providing all ports to the outside ... you may want to block unused ports with a firewall or at least packet filter ....
0
 

Author Comment

by:jskfan
ID: 36714749
do we need to specify the port [25], or  we don't need to, since 65.65.65.65 is always NATTED to exchange server IP address 10.100.100.100 ???

I also believe we just need to open port 25 for SMTP, 80, 443 foe secure SSL iused by OWA.
0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 375 total points
ID: 36714759
That's what I meant ...

For just specific ports, do something like this:

ip nat inside source static tcp 10.100.100.100 25 65.65.65.65 25 extendable
ip nat inside source static tcp 10.100.100.100 80 65.65.65.65 80 extendable
ip nat inside source static tcp 10.100.100.100 443 65.65.65.65 443 extendable

Open in new window

0
 

Author Closing Comment

by:jskfan
ID: 36714976
Thanks Guys!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question