Sunday, January 22, 2012

How To Configure A Static NAT Translation On A Cisco IOS Router

Have you ever needed to get to a web server or email server from the outside of your network, and you didn't have a firewall in place, but you had IOS router instead?  I have seen where there have been IOS routers in place for access to the public network instead of an ASA.  Nothing wrong with that if the proper security is in place, but I wanted to cover how you would access a server from the outside if you needed to.  You would do this with a static NAT translation and the proper security ACL.  Lets work with an www server. 

First, make sure a couple of things are in place:
interface GigabitEthernet0/0
 description -------- To Internet ----------------
 ip address
 ip nat outside                                             <----------- Make sure you have your
ip access-group 110 in                                <---------- Make sure you have proper security

Lets look at the ACL:
access-list 110 permit tcp any eq www

Lets put our static nat translation in.  Ltes say our www server is on the inside.  Our public is  Here is the command:
ip nat inside source static