Hey Adeeb,

Logically thinking If you trying for a public IP i.e.., you Server with Public IP, You device will try to access the WAN interface and searches the Internet and then it will come to know it is available at the you office network and comes back to your WAN interface where you have a command IP NAT outside for the IP which you are trying hence a loop.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Thanveer,

Thanks for your reply. However I cannot provide a traceroute because my actual public ip leads to sensitive info. Anyway what I can tell you is that it is resolved by my ISP's DNS.

Anyway it may seem like logical thinking however in reality what is happening is that my private IP is translated to my public IP when going into the internet which then redirects it back to my public IP. So technically I am "surfing myself". Thats why I think there is an error.

Regards,

Adeeb

Hey Adeeb,

However it is good to hear that the issue has got resolved.

Please rate the helpful tags it may help others.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Francesco,

Thanks for your reply, but your solution cannot solve my problem.

Here is many router show run again:

User Access Verification

Username: xxxxxx

Password:

RP_Router01#show run

Building configuration...

Current configuration : 2520 bytes

!

! Last configuration change at 12:29:38 SGT Fri Oct 19 2012 by xxxxxx

! NVRAM config last updated at 12:34:16 SGT Fri Oct 19 2012 by xxxxxx

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RP_Router01

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 10

clock timezone XXX X

!

!

ip source-route

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.99

ip dhcp excluded-address 192.168.1.222

!

ip dhcp pool NetworkPool

   import all

   network 192.168.1.0 255.255.255.0

   dns-server XXX.XXX.XXX.66 XXX.XXX.XXX.66

   default-router 192.168.1.1

!

!

ip cef

no ip domain lookup

ip domain name XXXXX.XXXXX.com.XX

ip name-server XXX.XXX.XXX.66

ip name-server XXX.XXX.XXX.66

login block-for 30 attempts 5 within 10

login delay 3

login quiet-mode access-class 23

no ipv6 cef

!

!

license udi pid CISCOXXX-XXX sn XXXXXXXXXXX

!

!

username admin privilege 15 secret X ************************.jgis1

!

!

!

policy-map NGNBN

class class-default

  set cos 1

!

!

!

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface FastEthernet4.1103

description WAN_Link_100MbpsFibreBiz

encapsulation dot1Q 1103

ip address dhcp

ip nat enable

ip virtual-reassembly

no cdp enable

service-policy output NGNBN

!

interface Vlan1

description LocalLAN

ip address 192.168.1.1 255.255.255.0

ip nat enable

ip virtual-reassembly

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat source list NAT_Addresses interface FastEthernet4.1103 overload

ip nat source static tcp 192.168.1.198 80 49.123.456.7 80 extendable

ip nat source static tcp 192.168.1.198 443 49.123.456.7 443 extendable

ip nat source static tcp 192.168.1.198 8090 49.123.456.7 8090 extendable

!

ip access-list extended NAT_Addresses

permit ip 192.168.1.0 0.0.0.255 any

!

access-list 23 remark ** Managment_Segment **

access-list 23 permit XXX.XXX.0.0 0.0.0.255

access-list 23 permit XXX.XXX.XXX.0 0.0.0.255

access-list 23 permit XXX.XXX.XXX.0 0.0.0.255

access-list 23 permit XXX.XXX.XXX.0 0.0.0.255

access-list 23 permit 192.168.1.0 0.0.0.255

!

!

!

!

!

control-plane

!

!

line con 0

privilege level 15

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

!

scheduler max-task-time 5000

ntp server XXX.XXX.XXX.1 prefer

ntp server XXX.XXX.XXX.81

end

I was following exactly your command but no idea why still cannot access my public static IP 49.123.456.7 from local network.

Regards,

Adeeb

What is done by ISP's DNS to resolve the issue? can there be any problem because of that?

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Thanveer,

The issue is not resolved yet.

Regards,

Adeeb

sorry Adeeb, I was confused.

You meant that IP is resolved by DNS of ISP.

It must work with what Mr Francesco given, Can you spare the impact of rebooting the router....

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi

have you tried to reboot the router? It might be required since that change

is quite impacting.

Please let me know if it helps

Hi Francesco,

Yes I can reboot the router later. I shall let you know. Meanwhile here are some of the nvi translations from the router:

tcp 49.123.456.7:443    192.168.1.198:443  ---                ---

tcp 49.123.456.7:2492   192.168.1.198:2492 65.51.162.241:2492 65.51.162.241:2492

tcp 49.123.456.7:8090   192.168.1.198:8090 ---                ---

udp 49.123.456.7:37     192.168.1.199:137  192.168.1.255:137  192.168.1.255:137

My server's are using the 443 and the 8090 port (the one on 8090 is actually a virtual server). The translations work fine with other websites but they cannot translate only the servers from an internal source.

Here are some remote logins from external public IP we have tested:

tcp 202.130.153.152:61510  202.130.153.152:61510    49.123.456.7:443         192.168.1.198:443

tcp 42.68.125.235:36378     42.68.125.235:36378        49.123.456.7:443         192.168.1.198:443

tcp 42.68.125.235:36382     42.68.125.235:36382        49.123.456.7:443         192.168.1.198:443

If there is any other alternative that does not involve restarting the router do let me know. I am not sure when exactly we can reboot the router in the working hour.

Regards,

Adeeb

i'm not quite sure... you could avoid rebooting trying

clear ip nat nvi translations *

clear ip nat translations *

Dear Francesco,

Can we do

clear xlate [global ip1[-ip2] [netmask mask]] [local ip1[-ip2] [netmask mask]]
[gport port1[-port2]] [lport port1[-port2]] [interface if_name] [state state]

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

No, that's the equivalent command for pix/asa/fwsm

Francesco