Cisco 12.2 natting

[TT2]

gang I have a 2620 with 2 ether interfaces. One is configured with an outside address with a vpn tunnel to another router via the net. the other interface is on the inside with a web server behind it. Now anyone on the other side of this tunnel has access to the web server on the inside interface.( works fine) What I want to do is give access to the outside for specific ips to access this same web server obviously they have nothing to do with the vpn tunnel. Any suggestions? my extended access lists dont seem to give this outside ip access to the inside web server.Thanks for all replies
TT2

 

[ChrisAC]

A static NAT will do that ..

ip nat inside source static tcp <web_server_IP> 80 interface <outside_int> 80

You would also need to write an access list that allows access to the web server on port 80 from either anywhere or specific IP's and apply it inbound on the external interface.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[TT2]

Chris thanks for the prompt reply. I just have a quick question regarding the ip nat. My outside address has a tunnel to another router that has nothing to do with what I am trying to do. Will creating this ip nat effect the tunnel and I'll assume I will use the same outside address that the tunnel uses? is this correct? Thanks

PS I already have the access list created for the inbound traffic but I didn't want to write it until I knew it wouldn't effect the tunnel.

TT2

 

[ChrisAC]

Not sure! Only one way to find out .... try it.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[experimenter]

Would you please give a try to

ip nat inside source static tcp <web_server_IP> 80 <tunnel_int i.e t0,t1,...> 80

Experimenter