CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.

Hi,

I am using CP R55 and our structure is like this:

- DSL static IP: 85.x.x.19
- CP external IP: 192.168.2.2
- CP internal IP: 10.10.0.200

I want to do the following steps:

- To make the following remote desktop request from outside: 85.95.x.19:3390 to the following NAT: 192.168.2.2, NAT internal 10.10.0.1
- To make the following remote desktop request from outside: 85.95.x.19:3391 to the following NAT: 192.168.2.2, NAT internal 10.10.0.2
- To make the following remote desktop request from outside: 85.95.x.19:3392 to the following NAT: 192.168.2.2, NAT internal 10.10.0.3

How can I do that? I do not have enough information about CP. Can anyone guide me step by step?

Thanks

Hi hasim,

In an ideal configuration the external interface of the firewall should have a valid public IP (many times it's possible to configure the modem/router to pass the IP to the firewall). I would recommend that you try to get that change done when possible.

Also, you should consider using SecuRemote to create a client-to-site VPN, so that you can connect remotely to your internal resources. I don't think the configuration you are going for is ideal, since it's not as secure.

That said, you can achieve what you state like this:

- Create 3 TCP services, one for each port (3390, 3391, 3392)
- Create 3 host objects for the servers (10.10.0.1, 10.10.0.2, 10.10.0.3)
- Create one rule to allow access:

      Any | 192.168.2.2 | 3390, 3391, 3392 | Accept | Log

- Create 3 NAT rules:

      Any | 192.168.2.2 | 3390 | = | 10.10.0.1 | =
      Any | 192.168.2.2 | 3391 | = | 10.10.0.2 | =
      Any | 192.168.2.2 | 3392 | = | 10.10.0.3 | =

- You might also need to create a group with all the servers and also add it to the destination on access rule (depends on settings)

You should already have a NAT hide rule that will hide the servers on the 192.168.2.2 IP when going out.

I might have forgotten something, but I think that's it.
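
An added example, not part of the original reply and not Check Point code: a small Python model of the access rule and the three NAT rules listed above, for auditing exactly which internal endpoints the rule base publishes. It assumes the DSL router already forwards the ports to 192.168.2.2, that unmatched traffic is dropped, and that the access rule is matched on the pre-NAT destination; `Packet`, `NatRule`, `translate` and `exposed_endpoints` are hypothetical names, and 203.0.113.7 is a constructed client address.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

ORIGINAL = "="  # "= Original" in the NAT rule base: field is left untranslated


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class NatRule:
    src: str                       # "Any" or a single address
    dst: str
    dport: int
    xlate_dst: str
    xlate_dport: Union[str, int] = ORIGINAL


# Constructed from the rule table in the reply above.
ALLOWED_DST = "192.168.2.2"
ALLOWED_PORTS = {3390, 3391, 3392}
NAT_RULES = [
    NatRule("Any", "192.168.2.2", 3390, "10.10.0.1"),
    NatRule("Any", "192.168.2.2", 3391, "10.10.0.2"),
    NatRule("Any", "192.168.2.2", 3392, "10.10.0.3"),
]


def translate(pkt: Packet) -> Optional[Packet]:
    """Return the packet as delivered inside, or None if no rule accepts it."""
    if pkt.dst != ALLOWED_DST or pkt.dport not in ALLOWED_PORTS:
        return None  # assumption: everything not explicitly accepted is dropped
    for rule in NAT_RULES:  # first matching NAT rule wins
        if rule.src in ("Any", pkt.src) and (rule.dst, rule.dport) == (pkt.dst, pkt.dport):
            dport = pkt.dport if rule.xlate_dport == ORIGINAL else rule.xlate_dport
            return Packet(pkt.src, rule.xlate_dst, dport)
    return pkt  # accepted but not translated


def exposed_endpoints() -> List[Tuple[int, str, int]]:
    """(external port, internal host, internal port) for each published port."""
    out = []
    for port in sorted(ALLOWED_PORTS):
        hit = translate(Packet("203.0.113.7", ALLOWED_DST, port))  # constructed client
        if hit is not None:
            out.append((port, hit.dst, hit.dport))
    return out
```

With `=` in the translated-service column the destination port is left unchanged, so the model delivers the session to 10.10.0.1 on port 3390 rather than on 3389.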