Port ing on a Cisco Router

First, give an environment:
Cisco router Intranet interface s1/0: 192.168.1.1 255.255.255.0
Internet interface s1/1: 10.0.0.1 255.255.255.0
Server ip Address: 192.168.1.100
First telnet to the vrotelnet:
User Access Verification

Username: cisco # enter the user name
Password: # enter the Password
Router> en # Enter privileged Mode
Password: # enter the privileged mode Password
Router # conf t # enter global configuration mode
Enter configuration commands, one per line. End with CNTL/Z.
Router (config) # access-list 1 permit 192.168.1.0 0.0.255 # create an access control list for nat Translation
Router (config) # ip nat inside source list 1 interface s1/1 # create a NAT translation to convert the address of 192.168.1.0 to the address of interface s1/1
Router (config) # int s1/0 # Enter interface mode
Router (config-if) # ip nat inside # Set s1/0 as an internal NAT Interface
Router (config-if) # int s1/1 # enter the interface mode of S1/1
Router (config-if) # ip nat outside # Set S1/1 as a NAT external interface
Router (config-if) # exit
Router (config )#

Now that NAT is enabled, you can access the Internet through the Intranet.

Now start port ing to allow Internet access to the Intranet Server:

Router (config) # ip nat inside source static tcp 192.168.1.100 5631 10.0.0.1 5631 extendable
Router (config) # ip nat inside source static tcp 192.168.1.100 5632 10.0.0.1 5632 extendable # because the address 10.0.0.1 has been applied to the s1/1 interface and NAT translation address, the keyword extendable must be added here; otherwise, an error is returned. If another Internet ip address is used, for example, 10.0.0.2, extendable is not added here.

Now machines on the internet can access the Intranet.
Run the show ip nat translations command to view nat translation information.
You can also find related configurations for show run.
Router (config) # exit the global configuration mode and use the show command in privileged mode.
Router # sho ip nat translations
Pro Inside global Inside local Outside global
Tcp 10.0.0.1: 23 192.168.1.100: 23 ------
Tcp 10.0.0.1: 23 192.168.1.100: 23 10.0.0.2: 48268 10.0.0.2: 48268
Tcp 10.0.0.1: 5631 192.168.1.100: 5631 ------
Tcp 10.0.0.1: 5632 192.168.1.100: 5632 ------
Appendix: to delete a command, you only need to add "no" before the command.

 

Note: It seems a simple thing. Who knows it is actually a lot of trouble, not the above steps? They are all right, but there is a problem, the IP address exported by our company is dynamic. After each configuration, the device is restarted and the IP address changes again. If so, the device is stuck in a strange circle of "chicken eggs and eggs, it has not been around for a long time.

PS: does it take effect only after Cisco modifies the configuration?

If I have not restarted the NAT service, the NAT service has been successfully added. However, the NAT service cannot be connected from the external access. I do not know what the reason is, please kindly advise if you have any answers.

Currently, VPN is used in disguised form for project demonstration, but this problem is still very confusing ~

The boiled beans say that the Internet address is changed to S1/1, and there is no chance to test it. I hope it can be solved!

Thank you for your advice and help. I have spent most of my time. Thank you!

This article is from the "no trace of warm moon" blog