Jun 3 / Greg

Cisco NAT FTP to same IP as Overload

The idea for this tutorial is that you only have a /30 on your outside interface, and you have an FTP server on the inside of your network that you want to make publicly accessible. What we are going to do is NAT the FTP port on the outside interface to the FTP server on the inside. We will do all of this while still NAT overloading on that same IP.

interface fa0/0
 desc outside-interface
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
!
interface fa0/1
 desc inside-interface
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip access-list extended nat
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list nat interface fastEthernet 0/0 overload
! Here's where the magic begins. We are doing our specific FTP NATs below.
ip nat inside source static tcp 192.168.1.11 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.1.11 20 interface FastEthernet0/0 20

You'll notice that the last two lines are where everything happens. They tell the router to redirect everything that comes in on the outside interface destined for ports 21 and 20 to the specific inside host 192.168.1.11.

ip nat inside source static tcp 192.168.1.11 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.1.11 20 interface FastEthernet0/0 20
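
An added example, not part of the original post: a short Python audit that lists every static port forward in a config like the one above and reports which inbound ACL (`ip access-group ... in`), if any, is applied to the interface it lands on. The sample input is constructed by trimming the post's config, and the function names are this example's own.

```python
import re

# Constructed sample: the outside interface and static NAT lines from this post.
CONFIG = """\
interface fa0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
!
ip nat inside source static tcp 192.168.1.11 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.1.11 20 interface FastEthernet0/0 20
"""

STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"interface (.+?) (\d+)\s*$", re.I | re.M)

def split_name(name):
    """'FastEthernet 0/0' -> ('fastethernet', '0/0'); 'fa0/0' -> ('fa', '0/0')."""
    m = re.match(r"([a-z-]+)\s*(\S+)$", name.strip().lower())
    return (m.group(1), m.group(2)) if m else (name.lower(), "")

def same_interface(a, b):
    """IOS accepts abbreviations, so 'fa0/0' and 'FastEthernet0/0' must match."""
    (ta, na), (tb, nb) = split_name(a), split_name(b)
    return na == nb and (ta.startswith(tb) or tb.startswith(ta))

def inbound_acls(config):
    """Map each 'interface X' stanza to its inbound ACL name, or None."""
    acls, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].strip()
            acls[current] = None
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the stanza
        elif current and (m := re.match(r"\s+ip access-group (\S+) in\s*$", line, re.I)):
            acls[current] = m.group(1)
    return acls

def exposed_services(config):
    """One record per static port forward, with the ACL guarding its interface."""
    acls = inbound_acls(config)
    out = []
    for proto, ip, iport, iface, oport in STATIC.findall(config):
        acl = next((a for n, a in acls.items() if same_interface(n, iface)), None)
        out.append({"proto": proto.lower(), "inside": f"{ip}:{iport}",
                    "outside_port": int(oport), "interface": iface,
                    "inbound_acl": acl})
    return out
```

Calling `exposed_services()` on a saved running-config gives a quick inventory of which inside hosts and ports are published on the outside address.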