Re: NAT on Cisco Cat 6500

Geze2498 · ‎05-20-2019

I had private server that i want to be accessed from outside. so i did all the Static NAT and ACL configs with default port 80.

the issue is, once i typed the public ip from my browser which is behind the NAT, it displays the servers contents only for second and then displays only the private ip and error (http://192.168.1.144/ConnectHospial/faces/login.xhtml) to be exact.

suppose my public ip is 1.2.3.4 and private ip is 192.168.1.144 so what i did was http://1.2.3.4 then the above issue comes.

Jaderson Pessoa · ‎05-20-2019

Hello,

Are you trying it access your webserver using ip public from your internal lan? I think that wont be works well. What happens if your try it from external of your internal lan?

Do you clear cache of your web browser?

Could you share your configuration?

Jaderson Pessoa
*** Rate All Helpful Responses ***

Geze2498 · ‎05-20-2019

ip nat inside source static 192.168.1.144 1.2.3.4

is the nat config,for the test purpose i did "permit ip any any" on both ACLs applied on ip nat outside and ip nat inside interfaces,which means not having an ACL at all. then what i did was
http://1.2.3.4 from internet,not inside LAN.

Jaderson Pessoa · ‎05-20-2019

@Geze2498 hello,

Could you edit your acl to this below and post the result here?

ip nat inside source static 192.168.1.144 80 1.2.3.4 80

Thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Geze2498 · ‎05-20-2019

I actually tried that at first,but i shows this error and rejects my config

"%Port 80 is being used by system min80"

when i try to see my NAT config there was only one PAT/NAT-PT config with other public ip.

Jaderson Pessoa · ‎05-20-2019

Ok,

do it so:ip nat inside source static 192.168.1.144 80 1.2.3.4 8080

and try access your website through it: http://1.2.3.4:8080

Because the post 80 is in use at this moment in your catalyst.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Geze2498 · ‎05-20-2019

unfortunately that didn't work either,i tried that too. "%Port 8080 is being used by system min8080"

is there any means that help me kill "system min8080"?

Jaderson Pessoa · ‎05-20-2019

Just to test if it will works: ip nat inside source static 192.168.1.144 80 1.2.3.4 6143

and try access your website through it: http://1.2.3.4:6143

to clear running process

show processes >>> This will list all of the running processes and will help you locate the PID of the process that you want to kill

clear socket PID

Jaderson Pessoa
*** Rate All Helpful Responses ***

Geze2498 · ‎05-20-2019

I did that,but still the same problem.
i even cleared all NAT Translations and killed all the processes but the same error code exists,i can't do PAT.

Jaderson Pessoa · ‎05-21-2019

Please,

share your current configuration here.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Geze2498 · ‎05-21-2019

The image file is how it looks like when i browse with private IP from inside the LAN.

from the config i have removed sensitive information.

Jaderson Pessoa · ‎05-21-2019

well,

just for test: Cat65k-CoreVSS(config-ext-nacl)#1 permit ip any 1.2.3.4 << change from any to wan address.

and from internet explorer test your system or clear all cache in your web browser if you are using internal PC.

Jaderson Pessoa
*** Rate All Helpful Responses ***