Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
140
Visites
0
Compliment
5
Réponses

NAT Packet Tracer (Server Reset Connection)

adrienflorio
Level 1
Level 1

le ‎11-10-2024 07:17 AM

Hello,

I'm a student and I'm stuck on a step of my exercise.

I have a linux web server which is correctly accessible via the lcal ip on port 80 and 443, in the DMZ.

I'm trying to set a NAT for this server on the firewall router. If I configure NAT and try to access it via a LAN PC, I get this error: “Server Reset Connection” and I don't understand why.

It must be a configuration error on my part...

You will find my pkt file attached.

Thank you very much for your help

Adrien 

 

Étiquettes :
Schéma réseau.zip
0 Compliments
5 RÉPONSES 5

Flavio Miranda
VIP
VIP

le ‎11-10-2024 07:50 AM

@adrienflorio 

 Yes, I can see some problems and I will point it out.

First, for NAT you need  one interface for "inside" and one interface for "outside", I dont see your NAT outside.

Second, your configured the router in trunk with the switch but, you added ip address on the interface used for trunk.

You should remove the ip address of the interface Fa0/0 below and leave it only for trunk.

You can add the "ip nat inside" on the subinterface.

And you need the "ip nat outside" on the other interface, facing the server.

 

interface FastEthernet0/0

ip address 10.10.210.1 255.255.255.240

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 10.10.10.1 255.255.255.224

ip helper-address 10.10.30.2

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 10.10.20.1 255.255.255.248

ip helper-address 10.10.30.2

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 10.10.30.1 255.255.255.248

!

interface FastEthernet0/0.40

encapsulation dot1Q 40

ip address 10.10.40.1 255.255.255.252

!

 

======================================

 

interface FastEthernet1/0

ip address 10.10.99.1 255.255.255.252

ip nat outside

duplex auto

speed auto

 

 

0 Compliments

adrienflorio
Level 1
Level 1
En réponse à Flavio Miranda

le ‎11-10-2024 08:55 AM

Hello Flavio,

Thank you for your reply.

I added “ip nat outside” on the router port in front of the web server and “ip nat inside” on the fa0/0.10 sub-interface.

Unfortunately, I still get the same error when I try to access the web server page with the ip “132.186.32.1”.

Thanks for your help
Adrien

 

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 10.10.10.1 255.255.255.224

ip helper-address 10.10.30.2

ip nat inside

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 10.10.20.1 255.255.255.248

ip helper-address 10.10.30.2

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 10.10.30.1 255.255.255.248

!

interface FastEthernet0/0.40

encapsulation dot1Q 40

ip address 10.10.40.1 255.255.255.252

!

interface FastEthernet1/0

ip address 10.10.99.1 255.255.255.252

ip nat outside

duplex auto

speed auto

!

interface Serial2/0

ip address 132.186.32.1 255.255.255.248

clock rate 64000

!

interface Serial3/0

no ip address

clock rate 2000000

shutdown

!

interface FastEthernet4/0

no ip address

shutdown

!

interface FastEthernet5/0

no ip address

shutdown

!

ip nat inside source static tcp 10.10.99.2 443 132.186.32.1 443

ip nat inside source static tcp 10.10.99.2 80 132.186.32.1 80

ip classless

0 Compliments

Flavio Miranda
VIP
VIP
En réponse à adrienflorio

‎11-10-2024 09:20 AM - modifié ‎11-10-2024 09:21 AM

Ok, lets see.  The error actually make sense. If I am not mistaken, 132.186.32.1 is the IP address of your router serial interface, is not it?  If so, when you send a connection to 132.186.32.1:80 or 443, this packet is hitting the router serial interface and , of course, the router will not reply. 

 Not sure if you have a statement or some guide to follow, but, the way you are building this, seems not right. 

Take a look on this link below, it tells you how to configure PAT(port address translation) and it seems you are trying to do something similar. 

Port Address Translation (PAT) configuration (study-ccna.com)

 

0 Compliments

adrienflorio
Level 1
Level 1
En réponse à Flavio Miranda

le ‎11-10-2024 09:37 AM

Here are the indications I was given:

I must be able to contact the web server from my lan via a public ip. The nat must be used to translate the public ip address (132.186.32.1) to the lan ip (10.10.99.2) on port 80 or 443.

0 Compliments

Flavio Miranda
VIP
VIP
En réponse à adrienflorio

le ‎11-10-2024 10:51 AM

There will be more than one way to do this. Take a look on what I did and see if make sense for you.

 

FlavioMiranda_0-1728669033893.png

 

Schéma réseau_v2.zip
0 Compliments

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos R&S
Customers Also Viewed These Support Documents