PPTP and HTTP Port Forwarding with Static NAT on a Cisco router

Recently a student in one of our seminars asked about port forwarding on a router. She wanted PPTP clients on the outside to be able to connect to a VPN server on the inside. In this article I will explain how to do it, together with a brief look at using static NAT to forward traffic to a web server.

Port Forwarding on a Cisco router

Sometimes we have internal resources that need to be accessible from the Internet, such as Web servers, mail servers or VPN servers. In general, I recommend isolating those resources in a DMZ to protect your corporate network from the bad guys, but regardless of how you choose your design, the process involves forwarding the desired packets from the outside interface of the router to an internal host. It's really quite simple. Here is the configuration on a Cisco 2611 router:

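! Outside interface, connected to the public Internet
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
! Inside interface, connected to the internal network
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
! PAT for outbound traffic from inside hosts
ip nat inside source list 101 interface Ethernet0/1 overload
! Forward inbound TCP 1723 (PPTP) to the VPN server
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
!
access-list 101 permit ip any any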

In the above configuration, Ethernet0/1 is connected to the public Internet with a static address of 12.1.2.3, and Ethernet0/0 is connected to the inside network with a static address of 192.168.101.1. NAT outside is configured on E0/1 and NAT inside is configured on E0/0. Access-list 101 works in conjunction with the "ip nat inside source list 101 interface Ethernet0/1 overload" statement to allow all inside hosts to reach the Internet through E0/1, sharing whatever IP address is assigned to interface Ethernet0/1.

The "overload" statement implements PAT (Port Address Translation), which makes this possible. (PAT allows multiple internal hosts to share a single address on an external interface by appending different port numbers for each connection.)

The statement "ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723" takes incoming port 1723 (PPTP) requests on Ethernet0/1 and forwards them to the VPN server located at 192.168.101.2.

You could do something similar with a Web server by changing port 1723 to port 80 or port 443. Here's what that would look like:

interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
! Forward inbound TCP 80 (HTTP) to the Web server
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any

In this example, the Web server is located at 192.168.101.2 and instead of forwarding PPTP (port 1723) traffic, we forward HTTP (port 80) traffic.

Of course, you can configure your Cisco router in a similar manner to forward almost any type of traffic from an external interface to an internal host.
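Because every static statement like the ones above publishes an internal service to the Internet, it helps to be able to list them when reviewing a router. The Python script below is an added example (not part of the original article and not a Cisco tool): it reads a configuration and reports each forward as public address and port mapped to inside address and port. The sample configuration is constructed by merging the article's two listings, the function names are illustrative, and the script also accepts the form of the static statement that names a global IP address instead of an interface.

```python
import re

# Constructed sample: the article's two listings merged into one configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)", re.I)

def interface_addresses(config):
    """Map lower-cased interface name -> primary IPv4 address from its stanza."""
    addresses, current = {}, None
    for line in config.splitlines():
        words = line.lower().split()
        if line[:1].isspace() and current:        # sub-command inside a stanza
            if (words[:2] == ["ip", "address"] and len(words) >= 4
                    and "secondary" not in words):
                addresses[current] = words[2]
        elif words[:1] == ["interface"] and len(words) == 2:
            current = words[1]
        else:
            current = None                        # "!" or a global command ends it
    return addresses

def exposed_services(config):
    """Return (proto, public_ip, public_port, inside_ip, inside_port) per forward."""
    addresses = interface_addresses(config)
    found = []
    for m in filter(None, map(STATIC_RE.match, config.splitlines())):
        proto, in_ip, in_port, ifname, global_ip, pub_port = m.groups()
        # Interface form (as in the article): public address comes from the interface.
        pub_ip = global_ip or addresses.get(ifname.lower()) or f"<{ifname}>"
        found.append((proto.lower(), pub_ip, int(pub_port), in_ip, int(in_port)))
    return found

if __name__ == "__main__":
    for proto, pub_ip, pub_port, in_ip, in_port in exposed_services(SAMPLE_CONFIG):
        print(f"{proto} {pub_ip}:{pub_port} -> {in_ip}:{in_port}")
```

A forward whose interface has no static address in the configuration is reported with the interface name in angle brackets in place of the public address.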

Copyright (c) 2008 Don R. Crawley
