PPTP and HTTP Port Forwarding with Static NAT on a Cisco Router
In this brief article, you'll learn how to configure PPTP and HTTP port forwarding on a Cisco router using static NAT to allow Internet users to connect to internal resources.
Copyright (c) 2008 Don R. Crawley
Recently, a student at one of our seminars asked about harbour forwarding on a router. She wanted to allow PPTP clients to connect from the outside to a VPN server on the inside. In this article, I'll diagram how to do it along with a quick look at using static NAT to forward packets to a web server.
Port Forwarding on a Cisco Router
Sometimes we have internal resources that occasion to be Internet-accessible such as Web servers, mail servers, or VPN servers. Generally, I recommend isolating those way in a DMZ to protect your office LANLocal Area Network. from the bad guys, however regardless of how you choose to arrangement it, the process involves forwarding desired packets from the router's out interface to an internal host. It's really a fairly simple process. Here's the configuration on a Cisco 2611 router:
interface Ethernet0/1
ip domicile 12.1.2.3 255.255.255.0
ip nat outside
!
interface Ethernet0/0
ip directions 192.168.101.1 255.255.255.0
ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
!
access-list 101 permit ip any any
In the above configuration, Ethernet 0/1 is connected to the public Internet with a static location of 12.1.2.3 and Ethernet 0/0 is connected to the inside network with a static label of 192.168.101.1. NAT outside is configured on E0/1 and NAT inside is configured on E0/0. Access-list 101 works in conjunction with the "ip nat inside source list 101 interface Ethernet0/1 overload" statement to permit all inside hosts to use E0/1 to connect to the Internet sharing whatever IP direction is assigned to interface Ethernet E0/1.
The "overload" statement implements PAT (Port Address Translation) which makes that possible. (PAT allows multiple internal hosts to share single address on an surface interface by appending altered port numbers to each connection.)
The statement "ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723" takes incoming port 1723 (PPTP) requests on Ethernet0/1 and forwards them to the VPN server located at 192.168.101.2.
You could do something comparable with a Web server by changing port 1723 to port 80 or port 443. Here's what that would look like:
interface Ethernet0/1
ip superscription 12.1.2.3 255.255.255.0
ip nat outside
!
interface Ethernet0/0
ip inscription 192.168.101.1 255.255.255.0
ip nat inside
!
ip nat inside source dossier 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any
In this example, the net server is located at 192.168.101.2 and instead of forwarding PPTP (port 1723) traffic, we're forwarding HTTP (port 80) traffic.
Obviously , you can configure your Cisco router in a similar manner to forward nearly any type of traffic from an outside interface to an internal host.
Source: Free Articles from ArticlesFactory.com
From: http://articlesfactory.com/articles/computers/pptp-and~.html
Added: February 18, 2008
- My free computers upgrade handle
- Microsoft Bantam Business Financials: support, upgrade, integration overview for consultant
- The Right Way to Remove Recent Files
- Technology and Market Structure of Virtual Network Games
- AOL Email Reverse Search- Are They Hard To Do?
- A Shop for Guide For Notebooks
- Tightening Windows PC Security with For nothing Software
- SAP Business One Demos Presentations overview for dodge owner
- Microsoft CRM 4.0 Generic Customization, Data Conversion, Integration overview
- How to Buy A HDD Player Online