
Cisco IOS routing by port

  • Cisco IOS routing by port

    Hey all,

    This forum gave me the best advice I could find a week ago, so now that I've delved a lot deeper into my problem, I figured here would be a good place to ask the next question:

    My goal is to set up within IOS to have ALL packets destined for port 21 to be forwarded to a single IP address.

    Right now, I have one computer on the internal network and 2 on the external. In theory, there will be 1000s of computers on the internal network, 1000s of potential FTP servers on the internet that they are accessing, and only ONE FTP server that all requests get re-routed to.

    Topology (extremely simple):

    • I've made f0/0 an inside nat interface, and f1/0 and f2/0 outside nat interface.
    • C0 is intended to be inside the network, C1 and C2 are intended to be 'internet' computers, outside the network.
    • C1 and C2 each have an FTP server running on them.
    • I want C0 to request a file via FTP from C1's IP address, but instead have C2's IP address receive the request.
    • C0:, C1:, C2:
    Cisco IOS commands:
    • ip nat outside source static tcp 21 192.168.3.2 21
    • ip nat inside (on f0/0)
    • ip nat outside (on f1/0, f2/0)
    • show ip nat translations:
    • Pro Inside global Inside local Outside local Outside global
      tcp --- ---

    Debug NAT records:

    When I try to ping from C0 to C1 and C2, everything works fine. When I try the FTP file request, the connection fails completely, and the following happens in the debugging window:
    1. 01:11:25: NAT: i: tcp (, 1080) -> (, 21) [1443]
      01:11:25: NAT: setting up outside mapping>
      01:11:25: NAT: s=, d=> [1443]
      01:11:28: NAT: i: tcp (, 1080) -> (, 21) [1444]
      01:11:28: NAT: s=, d=> [1444]
      01:11:34: NAT: i: tcp (, 1080) -> (, 21) [1447]
      01:11:34: NAT: s=, d=> [1447]
    2. show ip nat translations gives a new table, somehow automatically the second entry was added:
    3. Pro Inside global Inside local Outside local Outside global
      tcp --- ---

    Apologies for such a long post. Any ideas why this won't seem to work? Looked into so many things, can't figure it out. As far as the debugging logs seem, it looks like everything should work.

    Should I just scrap this whole idea of going with NAT and try to reach my goal with policy-based routing instead?

    Any help whatsoever would be great, I hope someone knows their stuff.

    Thanks in advance everyone!

    Last edited by nick.milako; 23rd November 2009, 23:54.

  • #2
    Re: Cisco IOS routing by port

    I think the following article will give you some ideas.

    You can define application-aware routing this way.