PPTP and HTTP Port Forwarding with Static NAT on a Cisco Router

Copyright © 2009 Don R. Crawley

Published: 18Feb2008

Recently, a student at one of our seminars asked about port forwarding on a router. She wanted to allow PPTP clients to connect from the outside to a VPN server on the inside. In this article, I'll explain how to do it along with a quick look at using static NAT to forward packets to a web server.

Port Forwarding on a Cisco Router

Sometimes we have internal resources that need to be Internet-accessible, such as Web servers, mail servers, or VPN servers. Generally, I recommend isolating those resources in a DMZ to protect your office LAN from the bad guys, but regardless of how you choose to design it, the process involves forwarding desired packets from the router's outside interface to an internal host. It's really a fairly simple process. Here's the configuration on a Cisco 2611 router:

interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
!
access-list 101 permit ip any any

In the above configuration, Ethernet 0/1 is connected to the public Internet with a static address of 12.1.2.3, and Ethernet 0/0 is connected to the inside network with a static address of 192.168.101.1. NAT outside is configured on E0/1 and NAT inside is configured on E0/0. Access-list 101 works in conjunction with the "ip nat inside source list 101 interface Ethernet0/1 overload" statement to permit all inside hosts to use E0/1 to connect to the Internet, sharing whatever IP address is assigned to interface E0/1.

The "overload" keyword implements PAT (Port Address Translation), which makes that possible. (PAT allows multiple internal hosts to share a single address on an external interface by assigning a different source port number to each connection.)

The statement "ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723" takes incoming port 1723 (PPTP) requests on Ethernet0/1 and forwards them to the VPN server located at 192.168.101.2.

You could do something similar with a Web server by changing port 1723 to port 80 or port 443. Here's what that would look like:

interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any

In this example, the web server is located at 192.168.101.2 and instead of forwarding PPTP (port 1723) traffic, we're forwarding HTTP (port 80) traffic.

Obviously, you can configure your Cisco router in a similar manner to forward nearly any type of traffic from an outside interface to an internal host.
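Because every static NAT entry is a service exposed to the Internet, it helps to be able to list them from a saved configuration. The following is an added example, not part of the original article: a small Python audit that reports each port forward, the inside interface whose subnet the forwarded host shares, and any PAT access list that matches every source. The names audit_nat and SAMPLE_CONFIG are chosen here for illustration, and the patterns cover only the command forms shown in this article.

```python
import ipaddress
import re

# Constructed sample input: the article's PPTP configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
access-list 101 permit ip any any
"""

STATIC_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) "
                       r"(?:interface )?(\S+) (\d+)")
PAT_RE = re.compile(r"ip nat inside source list (\S+) interface \S+ overload")
OPEN_ACL_RE = re.compile(r"access-list (\S+) permit ip any any$")


def audit_nat(config):
    """Return (forwards, warnings) for IOS-style configuration text."""
    inside_nets, forwards, pat_acls, open_acls = {}, [], set(), set()
    iface = net = None
    for line in map(str.strip, config.splitlines()):
        parts = line.split()
        if line.startswith("interface "):
            iface, net = parts[1], None
        elif line.startswith("ip address ") and len(parts) >= 4:
            net = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}").network
        elif line == "ip nat inside" and iface and net:
            inside_nets[iface] = net          # subnet behind a NAT-inside port
        elif m := STATIC_RE.match(line):
            forwards.append({"proto": m[1], "host": m[2], "port": int(m[5]),
                             "outside": m[4], "segment": None})
        elif m := PAT_RE.match(line):
            pat_acls.add(m[1])
        elif m := OPEN_ACL_RE.match(line):
            open_acls.add(m[1])
    warnings = [f"NAT ACL {a} permits any source; scope it to inside subnets"
                for a in sorted(pat_acls & open_acls)]
    for fw in forwards:
        for name, n in inside_nets.items():
            if ipaddress.ip_address(fw["host"]) in n:
                fw["segment"] = name          # forwarded host shares this LAN
    return forwards, warnings
```

Calling audit_nat(SAMPLE_CONFIG) shows the PPTP server sitting on the same segment as Ethernet0/0, the office LAN, rather than in a DMZ of its own.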

Don R. Crawley, CCNA-certified, is president and chief technologist at soundtraining.net, the Seattle training firm specializing in business skills and technical training programs for IT professionals. He works with IT pros to enhance their work, lives, and careers.
