So I recently replaced a Cisco ASA with a Cisco 2900 series router and needed to port forward SMTP, HTTP/HTTPS to an internal address from a global outside address.
This is the method I used that worked. For some reason, when I tried to apply it via the route-map, it kept giving me a duplicate IP address warning on the actual server and on the router. I am confused by that, but the following did work for me.
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq 443
ip nat pool MAILSERVER 10.10.0.14 10.10.0.14 netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool MAILSERVER
The following did NOT work for me and I’m *not* sure why… can someone shed light?
routerA(config)#ip nat inside source static tcp 74.219.241.254 10.10.0.14 25 route-map lan2wan
Here’s part of the config (that should be relevant…)
interface GigabitEthernet0/0
 description Time Warner Cable 15x2
 ip address 74.219.241.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
end

access-list 10 permit 10.10.0.0 0.0.0.255
ip nat inside source route-map lan2wan interface GigabitEthernet0/0 overload
route-map lan2wan permit 10
 match ip address 10
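
Added example, not part of the original post: the conventional IOS form for these port forwards is one static translation per port, with the inside local address and port first and the public side second. It reuses the server address and outside interface from the config above and assumes the LAN-facing interface, which the post does not show, is already marked `ip nat inside`.

```cisco
! Added example (not from the original post).
! Assumption: the LAN-facing interface already has "ip nat inside".
!
! Syntax:
!   ip nat inside source static tcp <local-ip> <local-port> interface <outside-if> <global-port>
! The inside (private) address and port come first, the public side second.
! In the command from the post, the public address 74.219.241.254 sits in
! the first (local) position and only one port is given.
ip nat inside source static tcp 10.10.0.14 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 10.10.0.14 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.10.0.14 443 interface GigabitEthernet0/0 443
!
! The existing overload (PAT) rule for outbound LAN traffic stays as it is:
ip nat inside source route-map lan2wan interface GigabitEthernet0/0 overload
!
! Verify from exec mode: the three static entries should be listed with
! 74.219.241.254 as inside global and 10.10.0.14 as inside local.
!   show ip nat translations
!   show ip nat statistics
```

Each entry maps a single port, so only TCP 25, 80 and 443 on the outside address reach the server. Pair this with an inbound ACL on GigabitEthernet0/0 if access should also be limited by source address.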