NAT/PAT Setup with internal web server.

paskins
Level 1

Environment:

Web Server inside and 10 internal workstations.

One external public IP address.

Cisco Router 806 with HTTP server enabled.

Conditions:

External users have to be able to access the web server.

The internal users have to be able to access the web server via the "EXTERNAL" IP address, since they are using an external DNS.

Scenario:

The internal workstation requests the address of the web server from the external DNS.

DNS replies with external IP address.

Workstation attempts to connect to web server via external IP address.

Connection fails at the router showing the router's HTTP logon page.

We are trying to implement NAT/PAT inside, with a static assignment of port 80 to the internal web server.

Thanks, Pat Askins.

4 Replies

stierb
Level 1

Have you considered using hosts file entries for the internal address of the webserver, on your internal workstations? As long as they check the hosts file before DNS (default on most workstation setups), they would go directly to the webserver without too much administrative overhead (since there are only ten of them).

Due to the website settings, it only replies to external addresses.

We are looking for something like "ALIAS", which can be used in PIX, to avoid the loop when trying to access the external global NAT address from an already NATed address from the internal pool.

Thanks.

The router has IOS 12.2 and the firewall feature, currently only implementing NAT.

You need to use the Cisco NAT Virtual Interface.

Example:

Your internal network web server IP is 192.168.1.10/24 on Fa0 of the router; Fa1 has the public IP address 1.1.1.1.

Here is what you need to configure on the NAT router to resolve your issue:

    ! Inside interface
    int fa0
     ip nat enable
     no ip redirects
    !
    ! Public interface
    int fa 1
     ip nat enable
     no ip redirects
    !
    ! Static port 80 mapping to the internal web server
    ip nat source static tcp 192.168.1.10 80 1.1.1.1 80
    ! PAT for the inside hosts matched by access-list 1
    ip nat source list 1 interface fa0 overload
    access-list 1 permit 192.168.1.0 0.0.0.255

Now you can try to access 1.1.1.1:80 from the inside network.
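
The hairpin problem discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how the router treats a request for 1.1.1.1:80 under classic inside/outside NAT versus the NAT Virtual Interface setup from the last reply. The Fa0 address 192.168.1.1, the workstation address and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

WEB_SERVER = ("192.168.1.10", 80)  # inside web server, from the thread
PUBLIC = ("1.1.1.1", 80)           # public address on Fa1, from the thread
ROUTER_FA0 = "192.168.1.1"         # assumed Fa0 address (not given in the thread)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def router(pkt, in_iface, mode, pat=True):
    """Return (who answers, packet as delivered) for a packet reaching the router.

    mode "legacy": ip nat inside/outside; the static entry rewrites the
    destination only for packets that arrive on the outside interface.
    mode "nvi": ip nat enable on both interfaces; direction is ignored.
    """
    if (pkt.dst, pkt.dport) != PUBLIC:
        return "forwarded", pkt
    if mode == "legacy" and in_iface == "inside":
        # Untranslated, and 1.1.1.1 is the router's own address:
        # the router's HTTP server answers (the logon page in the thread).
        return "router-http-server", pkt
    out = replace(pkt, dst=WEB_SERVER[0], dport=WEB_SERVER[1])
    if in_iface == "inside" and pat:
        # "ip nat source list 1 interface fa0 overload": hide the workstation
        # behind Fa0 so the server's reply comes back through the router.
        out = replace(out, src=ROUTER_FA0)
    return "web-server", out

def hairpin_reply_source(delivered):
    """Source address on the reply as an inside workstation receives it."""
    if delivered.src == ROUTER_FA0:
        return PUBLIC[0]   # reply passes the router, both rewrites are undone
    return WEB_SERVER[0]   # server answers directly on the LAN, untranslated

if __name__ == "__main__":
    req = Packet(src="192.168.1.50", dst="1.1.1.1", dport=80)  # constructed workstation
    for mode in ("legacy", "nvi"):
        who, seen = router(req, "inside", mode)
        print(mode, "->", who, seen, "reply from", hairpin_reply_source(seen))
```

The `pat=False` case shows why destination translation alone is not enough: the server would answer the workstation directly from 192.168.1.10, which does not match the 1.1.1.1 address the workstation connected to.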