Re: We Cannot Access website With Public IP But Can With Private IP

yuttakarninsorn91289 · ‎05-24-2020

We are hosting a web page and it can be viewed internally by it's private IP (192.168.42.4). It can be viewed externally when using our public IP address. However it cannot be loaded internally by using the external IP. It asks to log in (to the router) when trying to load the page. Please advise. Router configuration will follow. i use cisco router 881

interface Loopback1
 no ip address
 !
!
interface Tunnel0
 ip address xx.xx.xxx.16 255.255.255.0
 no ip redirects
 ip mtu 1338
 ip nhrp authentication Kxxxxx
 ip nhrp map xx.xx.xxx.1 xx.xx.xxx.80
 ip nhrp map multicast xx.xx.xxx80
 ip nhrp network-id 100000
 ip nhrp holdtime 600
 ip nhrp nhs xx.xx.xxx.1
 ip summary-address eigrp 1 xx.xx.xxx.0 255.255.255.0
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile vpnprof
 !
!
interface FastEthernet0
 !
!
interface FastEthernet1
 switchport access vlan 2
 !
!
interface FastEthernet2
 switchport access vlan 3
 !
!
interface FastEthernet3
 switchport access vlan 43
 shutdown
 !
!
interface FastEthernet4
 ip address xx.xx.xxx.242 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
 service-policy output QOS-CBWFQ
!
interface Vlan1
 description xxxx
 ip address xx.xx.xxx.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 !
!
interface Vlan2
 description "VDO CONFERENCE"
 ip address xx.xx.xxx.254 255.255.255.0
 !
!
interface Vlan3
 description "Hit "
 ip address xx.xx.xxx.254 255.255.255.0
 !
!
interface Vlan43
 ip address xx.xx.xxx.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
!
!
router eigrp 1
 distribute-list 10 out Tunnel0
 distribute-list 20 in Tunnel0
 network 10.0.0.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 30 interface FastEthernet4 overload
ip nat inside source list nat interface Loopback1 overload
ip nat inside source static tcp xx.xx.xxx.4 80 xx.xx.xxx 80 extendable
ip nat inside source static tcp xx.xx.xxx.4 443 xx.xx.xxx 443 extendable
ip nat inside source static udp xx.xx.xxx.4 1194 xx.xx.xxx 1194 extendable
ip nat inside source static tcp xx.xx.xxx.4 8906 xx.xx.xxx 8906 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xxx.241
ip route 10.1.23.0 255.255.255.0 xx.xx.xxx.2
ip route 10.18.0.0 255.255.0.0 Tunnel0
ip route 20.20.0.0 255.255.255.0 xx.xx.xxx.253
ip route 20.20.1.0 255.255.255.0 xx.xx.xxx.253
ip route 192.168.43.0 255.255.255.0 192.168.42.253
!
access-list 10 permit 10.76.129.0 0.0.0.255
access-list 10 deny   any
access-list 20 permit 10.0.0.0 0.255.255.255
access-list 20 permit 192.168.0.0 0.0.255.255
access-list 20 deny   any
access-list 30 permit 0.0.0.2 255.255.255.248
access-list 101 permit tcp any any eq 1494
access-list 101 permit udp any any eq 1494
access-list 102 permit udp any any range 3230 3253
access-list 102 permit udp any any range 17000 17050
access-list 102 deny   ip any any fragments
access-list 102 permit udp any any range 17100 17150
access-list 102 permit udp any any range 1700 1750
access-list 102 permit tcp any any range 1700 1750
access-list 102 permit tcp any any range 3230 3235
no cdp run

!
!
!
!
!
control-plane
 !
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 xxx
 login
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Mohammed al Baqari · ‎05-25-2020

I am assuming that both your LAN server and your LAN network are on the
inside interfaces (with ip nat inside configured on them). In this case,
your nat statements won't work. Because they nat inside to outside (they
don't nat inside to inside).

You can configure policy routing to force the traffic to pass through the
outside interface then back to the server to get your natting working.

**** please remember to rate useful posts