!
! CBAC (ip inspect) rule set "INET": stateful inspection of HTTP, HTTPS, FTP,
! ICMP, SMTP and generic TCP. The rule set is attached to Vlan2 with
! "ip inspect INET in", so sessions opened from the LAN get temporary return
! openings through the inbound ACL on FastEthernet0.
! "router-traffic" on the icmp and tcp entries extends inspection to sessions
! that originate from or terminate on the router itself, not only transit traffic.
! NOTE(review): no udp entry is listed. UDP sessions opened from the LAN (DNS, NTP)
! would get no dynamic return entry, so replies would hit the final deny in
! Input-Traf1 -- confirm this is intended.
ip inspect name INET http
ip inspect name INET https
ip inspect name INET ftp
ip inspect name INET icmp router-traffic
ip inspect name INET smtp
ip inspect name INET tcp router-traffic
!
!
! Outside-facing interface: NAT outside, filtered inbound by the extended ACL
! Input-Traf1. Every packet arriving here is checked against that ACL before
! translation, so the ACL entries must name the translated address 10.1.1.1.
! NOTE(review): 10.1.1.1 is an RFC 1918 address, so presumably another device sits
! between this router and the Internet -- confirm what that device forwards here.
interface FastEthernet0
ip address 10.1.1.1 255.255.255.0
ip access-group Input-Traf1 in
ip nat outside
!
!
! LAN-side interface (192.168.10.0/24): NAT inside, NBAR protocol discovery for
! per-protocol traffic statistics, and the CBAC rule set INET applied inbound,
! i.e. to sessions opened by LAN hosts.
! No access-group is configured on this interface in this listing, so traffic
! from the LAN is not filtered on entry.
interface Vlan2
ip address 192.168.10.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip inspect INET in
!
! PAT: sources matched by standard access-list 2 are translated to the address of
! FastEthernet0, sharing that one address by port ("overload").
ip nat inside source list 2 interface FastEthernet0 overload
! Static port forwards: TCP 8080 and TCP 3389 arriving at 10.1.1.1 are translated
! to the same ports on 192.168.10.1. Input-Traf1 permits both ports from any source.
! NOTE(review): the inside-local address 192.168.10.1 is the address configured on
! Vlan2 in this listing, i.e. the router itself -- confirm whether a LAN host was
! the intended target of these forwards.
! NOTE(review): forwarding 3389 (RDP) from an unrestricted source range exposes
! the target to brute-force and pre-auth attack traffic; prefer reaching it over a
! VPN, or limit the permitted sources in Input-Traf1.
ip nat inside source static tcp 192.168.10.1 8080 10.1.1.1 8080 extendable no-alias
ip nat inside source static tcp 192.168.10.1 3389 10.1.1.1 3389 extendable no-alias
!
! Inbound filter for FastEthernet0 (attached with "ip access-group Input-Traf1 in").
! Permits TCP 22, 8080 and 3389 plus all ICMP from any source to 10.1.1.1, then
! denies everything else. Return traffic for LAN-initiated sessions is admitted by
! CBAC dynamic entries, not by these static lines.
! NOTE(review): the remark text reads "Deny traf-in", but the first four entries
! are permits; the label is easy to misread during an audit.
! NOTE(review): 22 and 3389 are open to "any". Replace "any" with the known
! management source ranges, or reach these services over a VPN.
! NOTE(review): no static NAT entry for port 22 appears in this listing, so the
! permit presumably exposes the router's own SSH service -- confirm, and pair it
! with an access-class on the vty lines.
! NOTE(review): "permit icmp any host" admits every ICMP type; consider limiting
! it to the types actually needed (echo-reply, unreachable, time-exceeded).
! NOTE(review): the final deny has no "log" keyword, so dropped packets only show
! up as a hit counter in "show access-lists".
ip access-list extended Input-Traf1
remark --------- Deny traf-in ---------
permit tcp any host 10.1.1.1 eq 22
permit tcp any host 10.1.1.1 eq 8080
permit tcp any host 10.1.1.1 eq 3389
permit icmp any host 10.1.1.1
deny ip any any
!
! Standard ACL 2 selects traffic for translation, not for filtering: it is
! referenced by "ip nat inside source list 2 ... overload" and matches sources in
! 192.168.10.0/24 (wildcard 0.0.0.255). Sources outside that range are not
! translated by the PAT rule.
access-list 2 remark --------- NAT ---------
access-list 2 permit 192.168.10.0 0.0.0.255
!
|