I am pretty comfortable getting an internal subnet to NAT with overload to a single public IP, but what if you wanted to go the other direction? Let's say I have a host on my internal subnet and I want someone from the public subnet to be able to RDP to an internal host. What would those commands look like?
For example, let's say my internal subnet is 192.168.98.0/24 and my external subnet is 10.10.10.0/30. Here is the basic config to allow for a many-to-one NAT to the public network. Now let's say I would like to allow someone on the 10.10.10.0/30 network (or anywhere, really) to connect to a host at 192.168.98.4 on TCP port 3389. What commands would I use to add this to the config?
interface gi0/0
 ip nat outside
 ip address 10.10.10.1 255.255.255.252
 no shut
!
interface gi0/1
 ip nat inside
 ip address 192.168.98.1 255.255.255.0
 no shut
!
access-list 1 permit 192.168.98.0 0.0.0.255
ip nat pool testpool 10.10.10.1 10.10.10.1 netmask 255.255.255.252
ip nat inside source list 1 pool testpool overload
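The inbound mapping for the setup above, as an added example that is not part of the original post: a static PAT entry that forwards TCP/3389 arriving on the router's outside address 10.10.10.1 to 192.168.98.4, plus an inbound ACL on gi0/0 that limits who can reach it. The ACL name OUTSIDE-IN is assumed; the ACL is matched against the public address because an inbound interface ACL is evaluated before outside-to-inside NAT.

```cisco
! Static port forward: outside 10.10.10.1:3389 -> inside 192.168.98.4:3389.
! "extendable" lets this entry share the global address already used
! by the overload pool above.
ip nat inside source static tcp 192.168.98.4 3389 10.10.10.1 3389 extendable
!
! Restrict inbound RDP to the 10.10.10.0/30 neighbours instead of "anywhere";
! widen the source only if an untrusted network genuinely needs access.
! Destination is the public (pre-translation) address, since the input ACL
! is checked before the outside-to-inside translation.
ip access-list extended OUTSIDE-IN
 permit tcp 10.10.10.0 0.0.0.3 host 10.10.10.1 eq 3389
 ! Allow replies to sessions the inside hosts opened through the overload NAT.
 permit tcp any host 10.10.10.1 established
 deny   ip any any log
!
interface gi0/0
 ip access-group OUTSIDE-IN in
```

Verify with `show ip nat translations` (the static entry should appear even with no traffic) and `show access-lists` (hit counters on the permit and deny lines show who is actually reaching 3389).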