Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco 5505 NAT Question

Posted on 2013-01-22
3
548 Views
Last Modified: 2013-01-22
This should be an easy one for the experts out there...  I'm a beginner on Cisco devices and looking for the right commands to run to accomplish what I need to do.  

I have port forwarding set up and it was working but now one of the internal devices has changed IP addresses and I need to change the route to reflect the change...

I had:
static (inside,outside) tcp interface 8080 192.168.10.245 www netmask 255.255.255.255

And now the internal IP is not .245,  but .246 and I need to get it changed.

I also need to set up additional ports forwarding to additional internal IPs so if you could help me with the access lists, that would be great.  Currently, they look like this:

access-list outside_in extended permit tcp any host <outside address> eq 8080

Thank you!
Don
0
Comment
Question by:dcotriss
3 Comments
 
LVL 25

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 38807114
config t
no static (inside,outside) tcp interface 8080 192.168.10.245 www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.10.246 www netmask 255.255.255.255
Also issue the following command to clear the translation table:
clear xlate

To add addition entries do this

static (inside,outside) tcp interface xxx 192.168.10.yyy zzz netmask 255.255.255.255

xxx = dest port that something external will use to hit
yyy = last octet of internal host that will receive the request
zzz = dest port that the internal host will respond to

note xxx can be the same as yyy

For the ACL do this:

access-list outside_in extended permit tcp any host <outside address> eq 8080

just add a line for the new entry and change 8080 to whatever was xxx in the above example.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38807159
Remember that for the additional ports you don't only need an ACL entry but a static as wel:

static (inside,outside) tcp interface/outside_addres outside_port inside.address inside_port netmask 255.255.255.255

access-list outside_in extended permit tcp any host outside_address eq outside_port
0
 

Author Comment

by:dcotriss
ID: 38807466
Thank you guys...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question