How to configure an AR to allow only one public IP address to access intranet servers


To configure an AR to allow only one public IP address to access intranet servers, configure an ACL when you configure a NAT server.
For example, you can perform the following configurations to allow only public address 1.1.1.1 to access the intranet server (public address 2.1.1.1 and private address 10.1.1.22):
Configure an ACL to permit the source IP address 1.1.1.1.
acl number 2005
 rule 5 permit source 1.1.1.1 0
Configure a NAT server and bind the ACL.
interface GigabitEthernet0/0/3
 nat server protocol tcp global 2.1.1.1 ftp inside 10.1.1.22 ftp acl 2005
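
The following audit script is an added example, not part of the original answer or of any Huawei tool. It checks a saved configuration for NAT server mappings that have no ACL bound, or whose ACL permits more than one host (in the rule above, the trailing 0 is the wildcard, so only 1.1.1.1 matches). The second mapping (10.1.1.23, port 8080) and all function names are constructed for illustration; only the command forms shown above are parsed, and deny rules and rule order are not evaluated.

```python
import re

# Constructed sample: the page's configuration plus one mapping with no ACL.
SAMPLE_CONFIG = """\
acl number 2005
 rule 5 permit source 1.1.1.1 0
interface GigabitEthernet0/0/3
 nat server protocol tcp global 2.1.1.1 ftp inside 10.1.1.22 ftp acl 2005
 nat server protocol tcp global 2.1.1.1 8080 inside 10.1.1.23 8080
"""

def parse_acls(config):
    """Return {acl_number: [(action, source, wildcard), ...]} for source-only rules."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"acl number (\d+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif not line.startswith(" "):
            current = None  # an unindented line means we left the ACL view
        m = re.match(r" +rule (?:\d+ )?(permit|deny) source (\S+)(?: (\S+))?", line)
        if m and current is not None:
            current.append(m.groups())
    return acls

def is_single_host(source, wildcard):
    """True when the wildcard is 0 (0.0.0.0), so exactly one address matches."""
    return source != "any" and wildcard in ("0", "0.0.0.0")

def audit(config):
    """Return (mapping, problem) pairs for NAT servers not limited to single hosts."""
    acls, findings = parse_acls(config), []
    for line in config.splitlines():
        m = re.match(r" +nat server .*?global (\S+) (\S+) inside (\S+)", line)
        if not m:
            continue
        name = "%s:%s -> %s" % m.groups()
        acl = re.search(r" acl (\d+)\s*$", line)
        if not acl:
            findings.append((name, "no ACL bound"))
        elif acl.group(1) not in acls:
            findings.append((name, "ACL %s is not defined" % acl.group(1)))
        for action, src, wc in acls.get(acl.group(1) if acl else None, []):
            if action == "permit" and not is_single_host(src, wc):
                findings.append((name, "ACL permits more than one host: %s %s" % (src, wc)))
    return findings

if __name__ == "__main__":
    for mapping, problem in audit(SAMPLE_CONFIG):
        print(mapping, "-", problem)
```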

Other related questions:
Enabling intranet users to access the intranet server on the same subnet of the same security zone through a public IP address
Configure a source NAT policy in which both the source and destination security zones are the zone where the users and intranet servers reside, so that the source IP addresses of intranet users are translated into a public address. Then configure a server static mapping policy to translate the destination addresses of packets destined for the public address of the servers into private addresses.

Allow specified IP addresses to access the Internet through an interface on an S series switch
You can configure an ACL-based traffic policy and apply the traffic policy to an interface on an S series switch to allow specified IP addresses to access the Internet through the interface. For example, configure GE0/0/1 to allow only the user with the IP address 1.1.1.2 and prevent all other users from accessing the Internet.
[HUAWEI] acl number 3030
[HUAWEI-acl-adv-3030] rule permit ip source 1.1.1.2 0
[HUAWEI-acl-adv-3030] quit
[HUAWEI] acl number 3031
[HUAWEI-acl-adv-3031] rule permit ip
[HUAWEI-acl-adv-3031] quit
[HUAWEI] traffic classifier test1
[HUAWEI-classifier-test1] if-match acl 3030
[HUAWEI-classifier-test1] quit
[HUAWEI] traffic classifier test2
[HUAWEI-classifier-test2] if-match acl 3031
[HUAWEI-classifier-test2] quit
[HUAWEI] traffic behavior test1
[HUAWEI-behavior-test1] permit
[HUAWEI-behavior-test1] quit
[HUAWEI] traffic behavior test2
[HUAWEI-behavior-test2] deny
[HUAWEI-behavior-test2] quit
[HUAWEI] traffic policy test
[HUAWEI-trafficpolicy-test] classifier test1 behavior test1
[HUAWEI-trafficpolicy-test] classifier test2 behavior test2
[HUAWEI-trafficpolicy-test] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy test inbound

The AR router has only one public IP address. How do I configure full port mapping?
When the AR router has only one public IP address, full port mapping cannot be configured. Full mapping can be configured only when the router has multiple public IP addresses.
