Today i was trying to configure port forwarding in one of my client's office. They wanted me to forward ports like 5000 and 6000. I was given the GUI access of the cisco router 2900 series. I could not see any options for NAT or ACL there. I doubt we can't forward ports from that particular router. Help me if there is any way we can do that via CLI.
My private ip is 172.16.32.250 and my private is 5.6.7.8. When someone does 5.6.7.8:5000 from their browser outside the office, i want them to have the interface of my biometric devices. I want TCP 5000 to be opened/forwarded.
Is it not called port forwarding? Please help me understand this concept better.
Please help
Best Answer
You can absolutely do Network Address Translation on the 2900.
Cisco has a public document here: http://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html
I'm not certain what you would be doing with forwarding 5000 and 6000 into the network, but I suppose that's their business. However it might be helpful if we knew what they are trying to accomplish.
I've never used the GUI to configure a IOS router. I suggest using the CLI. The command:
will list your interfaces and help you determine that is inside vs outside.
Edit your inside interface, adding the line ip nat inside
Do the same with your outside interface but make sure you tell the router this is the outside NAT interface.
Tell the router what you want to NAT with an access list
Build the access list. An extended access list is required if you want to specify the port.
EDIT
I'll use 1.2.3.4 as the public IP the server on the internet side of the router. Make sure you identify what the IP reaching out to the biometric device is... I put "any" in the above example, but it's just an example. I prefer not to use "any" if at all possible.
If TCP:
If UDP:
END OF EDIT
After the Permit, you can specify the protocol (TCP, UDP, ICMP, ESP, etc) or everything with IP. You can use host and an IP or IP address + subnet mask.