Re: http port redirection without NAT

Thanks Narbik.. yeah kind of this solution but my issue is having auth-proxy
and this situation in one router. The authproxy steals the http session
before it even hits the nat. Applying nat goes just out.

Internet----R1-----fe0/1---R2-fe0/0-----|sw|----30 users

R2 is configured as a AUTH-PROXY doing authentication for 200 users.

The issue is if a server outside running on port 800 or non standard http
port, they can bypass the auth-proxy. Authproxy doesn't even ask them for
any authentication on non standard port.

So I was looking to redirect it on fe0/0 - anything that might work.

The conditions are fe0/0 must have auth-proxy we can't move it to fe0/1 and
user got to stay where they are!!

On Wed, Mar 9, 2011 at 4:55 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:

> Frog,
>
> is this what you are looking for? the following router will answer to ports
> 80 and 800 for its HTTP connection, so when this router receives any traffic
> destined for its S0/0.14 interface for ports 80 or 800, the traffic is
> redirected to a given host with an IP address of 10.1.123.3. It's called
> PAR.
>
>
> Router(config)#*Ip nat inside source static tcp 10.1.123.3 80 interface
> S0/0.14 80*
>
> Router(config)#*Ip nat inside source static tcp 10.1.123.3 800 interface
> S0/0.14 800*
>
> **
>
> **
>
> **On Tue, Mar 8, 2011 at 8:03 PM, David Prall <dcp_at_dcptech.com> wrote:
>
>> Can't even make it listen only on 800. NAT appears to be the best bet, and
>> it works.
>>
>> --
>> http://dcp.dcptech.com
>>
>>
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > Radioactive Frog
>> > Sent: Tuesday, March 08, 2011 10:54 PM
>> > To: Cisco certification
>> > Subject: http port redirection without NAT
>> >
>> > Folks,
>> >
>> > Requirement: entering traffic on TCP port 80 and 800 should hit the
>> > router's
>> > web server.
>> >
>> > Is it possible to make router listen on port 80 and 800 simultaneously
>> > ? I
>> > doubt it.
>> >
>> > OR
>> >
>> > ip http port 80 + when traffic comes on 8080 it re-direct to 80
>> >
>> > Can't see any rotary group type option for HTTP.
>> >
>> > Rotary group works perfectly but only for ssh. In voice world we call
>> > it
>> > hunt-grup :)
>> >
>> > PS: NAT works fine in redirecting tcp port 800 to 80 but a bit dirty
>> > solution so looking for the other alternates.
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> *Narbik Kocharians
> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com <http://www.micronicstraining.com/>
> Sr. Technical Instructor
> *Ask about our FREE Lab Voucher with our Boot Camps*
> YES! We take Cisco Learning Credits!
> Training & Remote Racks available

Blogs and organic groups at http://www.ccie.net
Received on Wed Mar 09 2011 - 18:05:11 ART