I am currently learning about NAT using Cisco Packet Tracer. I have set up a web server named www.isp.com with the IP address 209.165.100.12. I configured NAT on the ISP router and also set up static port forwarding using the following command:
ip nat inside source static tcp 209.165.100.12 80 209.165.110.3 8080
interface Gig0/1
ip nat inside
exit
interface Serial0/0/0
ip nat outside
exit
When I access the local IP in my web browser (209.165.100.12) from the DNS server 209.165.100.11, the website is displayed without any issues. However, when I try to access the website using the public IP (209.165.110.3), I receive a Request Timeout error.
I have tested it from various clients within my Packet Tracer environment. I have uploaded the Packet Tracer file and my configuration commands directly. Can someone please explain where my mistake might be?
Paket Tracer File: https://easyupload.io/w9svqs
Here the running-config of the ISP Router:
ISP#show running-config
Building configuration...
Current configuration : 1145 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
!
!
!
!
!
!
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15242AUZ-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
ip address 209.165.100.1 255.255.255.0
ip nat inside
duplex auto
speed auto
ipv6 address 2001:DB8:AB:1::1/64
!
interface Serial0/0/0
ip address 209.165.110.1 255.255.255.248
ip nat outside
ipv6 address 2001:DB8:AB:AB00::1/64
clock rate 2000000
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 209.165.100.12 80 209.165.110.3 8080
ip nat inside source static udp 209.165.100.11 53 209.165.110.4 53
ip classless
!
ip flow-export version 9
!
!
access-list 1 permit 209.165.100.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Hello,
I have verified this using a web browser (please refer to the screenshot). Additionally, I attempted to create a complex PDU using HTTP, but all my attempts were unsuccessful.
If I configure a static route on R1 (ip route 0.0.0.0 0.0.0.0 192.168.2.1), the connection appears to function properly from the admin computer. However, I'm curious why setting up the default route is necessary? Additionally, I'm puzzled as to why it doesn't work from the DNS server?
Hello,
Thank you very much for your response. I've successfully pinged the web server from the ISP (which is actually www.isp.ch
However, I should clarify that the ping for 209.165.110.3 isn't working because it only responds to HTTP requests (ip nat inside source static tcp 209.165.100.12 80 209.165.110.3 8080). If I attempt to access the website from the DNS server using the local IP, it works fine:
But when I try to access it via the IP 209.165.110.3, it doesn't work:
If I configure a static route on R1 (ip route 0.0.0.0 0.0.0.0 192.168.2.1), the connection appears to function properly from the admin computer. However, I'm curious why setting up the default route is necessary? Additionally, I'm puzzled as to why it doesn't work from the DNS server?
