• Status: Solved

Cisco NAT and port forwarding

I have a Cisco 1801 and I'm trying to forward one port to two internal ip addresses.

I need to send incoming traffic on TCP port 443 to 192.168.200.20 & 192.168.200.21

My current NAT config is attached

Any ideas?

 nat.txt
0
andrewprouse
1 Solution
 
Kruno Džoić (System Engineer) commented:
You can only forward traffic to a single IP address.
0
 
pilson66 commented:
You cannot add the same port to more than one IP address.
Use different ports.
0
 
andrewprouse (Author) commented:
That's the conclusion I was coming to. The issue I have is that I need to forward port 443 to different interfaces on my MS Forefront TMG for Exchange and Lync.

Is there definitely no alternative?
0
 
d33m commented:
I hope this can help you:

Avoiding Server Overload Using Load Balancing

In the following example, the goal is to define a virtual address, connections to which are distributed among a set of real hosts. The pool defines the addresses of the real hosts. The access list defines the virtual address. If a translation does not already exist, TCP packets from serial interface 0 (the outside interface) whose destination matches the access list are translated to an address from the pool.

ip nat pool real-hosts 192.168.15.2 192.168.15.15 prefix-length 28 type rotary
ip nat inside destination list 2 pool real-hosts
!
interface serial 0
 ip address 192.168.15.129 255.255.255.240
 ip nat outside
!
interface ethernet 0
 ip address 192.168.15.17 255.255.255.240
 ip nat inside
!
access-list 2 permit 192.168.15.1


source: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1073492
0
 
andrewprouse (Author) commented:
D33M - That's really interesting.

Do you happen to know how it decides which 'real host' to forward the data to?

i.e.  If the traffic goes to the wrong 'real host', is it then retransmitted to the correct 'real host' or is it luck of the draw?
0
 
d33m commented:
A dynamic form of destination translation can be configured for some outside-to-inside traffic. Once a mapping is set up, a destination address matching one of those on an access list will be replaced with an address from a rotary pool. Allocation is done on a round-robin basis, performed only when a new connection is opened from the outside to the inside.

Better to check it on a real router; unfortunately I have no router to test with now :(

So I hope you can check this and share your comments with us ))
0
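The allocation rule quoted in the answer above can be traced with a small model. This is an added example, not IOS code and not part of the thread: the class name RotaryNat, the outside address 203.0.113.10, the client 198.51.100.7 and the choice to key translations by the connection 4-tuple are assumptions made for illustration, while the two pool hosts are the inside addresses from the question.

```python
from itertools import cycle


class RotaryNat:
    """Simplified model of a rotary inside-destination NAT pool (hypothetical class)."""

    def __init__(self, virtual_ip, real_hosts):
        self.virtual_ip = virtual_ip
        self._next_host = cycle(real_hosts)  # round-robin over the pool
        self.translations = {}               # connection tuple -> real host

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the inside address a packet is delivered to."""
        if dst_ip != self.virtual_ip:
            return dst_ip                    # not matched by the access list
        conn = (src_ip, src_port, dst_ip, dst_port)
        if conn not in self.translations:
            # No translation yet: a new connection takes the next pool address.
            self.translations[conn] = next(self._next_host)
        # Later packets of the same connection reuse the existing mapping.
        return self.translations[conn]


def demo():
    # Constructed sample: 203.0.113.10 stands in for the router's outside
    # address, 198.51.100.7 for one outside client.
    nat = RotaryNat("203.0.113.10", ["192.168.200.20", "192.168.200.21"])
    client = "198.51.100.7"
    results = []
    # Two packets on one connection, then two further new connections.
    for sport in (50001, 50001, 50002, 50003):
        real = nat.translate(client, sport, "203.0.113.10", 443)
        results.append((sport, real))
    return results


if __name__ == "__main__":
    for sport, real in demo():
        print(f"client port {sport} -> {real}:443")
```

In this model the pool member is chosen by connection order alone, so successive connections from one client land on different hosts and nothing moves a connection to the other host afterwards.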
Question has a verified solution.
