PPTP and HTTP Port Forwarding with Static NAT on a Cisco router
Recently a student in one of our seminars asked about port forwarding on a router. The goal was to let clients on the outside connect to a PPTP VPN server on the inside. This article explains how to do that, along with a brief look at using static NAT to forward packets to a web server.
Port forwarding on a Cisco router
Sometimes we have internal resources that should be accessible from the Internet, such as web servers, mail servers or VPN servers. Typically we recommend isolating these resources in a DMZ, separate from the office LAN, for protection, but regardless of how you choose to design it, the process is the same: the router forwards the requested packets from its outside interface to an internal host. It's really a fairly simple process. Here is the configuration of a Cisco 2611:
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
!
access-list 101 permit ip any any
In the above configuration, Ethernet0/1 is connected to the Internet with a static address of 12.1.2.3 and Ethernet0/0 is connected to the internal network with a static address of 192.168.101.1. NAT outside is configured on E0/1 and NAT inside is configured on E0/0. Access-list 101 works together with the "ip nat inside source list 101 interface Ethernet0/1 overload" statement to permit inside hosts to use E0/1 to connect to the Internet, sharing whatever IP address is assigned to the E0/1 interface.
The "overload" keyword implements PAT (Port Address Translation), which makes that possible. (PAT allows multiple internal hosts to share a single address on an external interface by assigning different port numbers to each connection.)
The "ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723" statement takes incoming port 1723 (PPTP) requests on Ethernet0/1 and forwards them to the VPN server at 192.168.101.2.
You could do something similar with a Web server by changing port 1723 to port 80 or port 443. Here is what that would look like:
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any
In this example, the Web server is located at 192.168.101.2 and, instead of forwarding PPTP (port 1723) traffic, we forward HTTP (port 80) traffic.
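The following is an added example, not part of the original article: a small Python audit that lists every static port forward in a configuration like the two above and checks that each one is bound to an interface marked "ip nat outside". The function names and the sample configuration are constructed for illustration; the second forward in the sample deliberately names the inside interface so that the check has something to report.

```python
import re

# Constructed sample: the article's forwards, with the port 80 entry
# deliberately bound to the inside interface to show a finding.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 ip nat outside
!
interface Ethernet0/0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/0 80
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$",
    re.IGNORECASE)

def nat_roles(config):
    """Map each interface name to 'inside' or 'outside' from its ip nat line."""
    roles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line, re.IGNORECASE)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # a non-indented line ends the interface block
        else:
            m = re.match(r"^\s+ip nat (inside|outside)\s*$", line, re.IGNORECASE)
            if m and current:
                roles[current] = m.group(1).lower()
    return roles

def audit_forwards(config):
    """Return one dict per static port forward, with any problems found."""
    roles = nat_roles(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        proto, host, in_port, iface, out_port = m.groups()
        problems = ([] if roles.get(iface) == "outside"
                    else [f"{iface} is not marked 'ip nat outside'"])
        findings.append({"proto": proto.lower(), "inside_host": host,
                         "inside_port": int(in_port), "interface": iface,
                         "outside_port": int(out_port), "problems": problems})
    return findings
```

Running audit_forwards() over a saved running-config gives an inventory of which inside hosts and ports are reachable from the outside interface, which is a useful starting point when reviewing what a router exposes.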
Of course, you can configure your Cisco router in a similar way to forward almost any type of traffic from an external interface to an internal host.
Copyright (c) 2008 Don R. Crawley