Imagine the following situation: You are a network engineer and your boss or a customer wants you to build a cheap and easy solution to host a publicly accessible server (such as a web server, email server, VPN server etc.) using only a regular Cisco router.

In most network designs, you will see that the usual and “proper” way to protect publicly accessible servers is to place them behind a network firewall such as Cisco ASA, Fortigate, Checkpoint, Palo Alto etc.

In this article however we will discuss and explain how to achieve the above requirement using port forwarding with a Cisco router. This option is good in low-budget networks, in remote offices, or in SMB networks that don’t have high requirements in terms of security etc.

Port Forwarding is a feature that can be used to provide access from the Internet to internal servers in a Local Network. Port Forwarding is based on static NAT, whereby the public IP address assigned to the outside WAN interface of the router is translated to an internal private IP address and port assigned to an internal server.

Let’s see the following basic network diagram to understand our scenario better. The following is also the most common topology found in real-world networks.

As shown in the network above, we have a LAN Network (192.168.1.0/24) with several users’ computers and also a Web Server. I know that the above is not a good practice in terms of security because you should avoid placing a publicly-accessible server inside your internal LAN network. However, for the sake of explaining port forwarding, let’s assume we have the above setup.

We want to allow access from the Internet towards the Web Server (192.168.1.10) at port 80. I know again that this is not a good practice because regular HTTP at port 80 is not encrypted and you should always use HTTPS at port 443. For the sake of simplicity though let’s assume we have a Web Server listening at port 80.

Another requirement is to configure PAT (NAT overload or Port Address Translation) for allowing outgoing traffic from the LAN network towards the Internet.
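The two requirements described on this page (a static port forward to 192.168.1.10 on TCP 80, plus PAT for the 192.168.1.0/24 LAN) can be expressed in IOS as follows. This is an added example, not configuration taken from the original article; the interface names, the WAN address 203.0.113.2 (a documentation-range address), the router LAN address 192.168.1.1 and ACL number 1 are assumptions.

```cisco
! Assumed WAN-facing interface; the public address is a constructed sample
interface GigabitEthernet0/0
 description WAN (outside)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Assumed LAN-facing interface for 192.168.1.0/24
interface GigabitEthernet0/1
 description LAN (inside)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! PAT (NAT overload): LAN hosts share the WAN interface address outbound
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
! Port forward: only TCP 80 on the WAN address maps to the web server.
! No other port on 192.168.1.10 is reachable through this entry.
ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/0 80
```

After applying it, `show ip nat translations` should list the single static TCP 80 entry alongside the dynamic PAT entries; any other static entry is exposure beyond what this scenario calls for.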