01-08-2023 09:34 AM
Hi,
I am facing an issue with my LAN. I have a Cisco 1921 router and behind it a Catalyst 1000 switch; on one of the switch ports I have a little server running Proxmox for virtualization. I would like to access it from anywhere on the internet, however I am struggling with NAT given my topology. I have left the plan of my topology in the attachment as well as the configs so far. Can you help me?
Thanks in advance.
Diogo Figueiredo
01-08-2023 09:42 AM
01-08-2023 11:03 AM
Hi,
If you check my config ip route was already inside, I already tried this nat command but it did not work, unfortunately.
01-08-2023 11:36 AM - edited 01-08-2023 11:37 AM
From the internet, access the server using the router ISP interface, not the real server IP.
Also check show ip nat translation; do you see a NAT entry?
Are you running any ACL on the router ISP interface?
Does the SW have a default route toward the router?
01-08-2023 11:46 AM - edited 01-08-2023 11:48 AM
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.20.0 255.255.255.252 10.0.0.2
ip route 10.0.30.0 255.255.255.252 10.0.0.2
ip route 192.168.10.0 255.255.255.0 10.0.0.2
!
dialer-list 1 protocol ip permit
!
!
snmp-server community public RO 1
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 50 remark ACL to block everything
access-list 50 deny any
access-list 51 remark ACL for NTP allowed servers
access-list 51 permit 195.43.113.1
access-list 51 permit 195.43.114.2
access-list 51 permit 195.43.113.2
access-list 51 permit 195.43.114.1
access-list 100 permit ip 10.0.20.0 0.0.0.255 any
access-list 100 permit ip 10.0.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
On the switch there is a default route pointing to the router 10.0.0.1, and internet is working fine from all hosts. The only thing I would like is to access https://myPublicIp:8006 and have this redirected to the address 10.0.30.2, which is the server. A kind of port redirection.
01-08-2023 11:56 AM - edited 01-08-2023 12:00 PM
ip nat inside source list 100 interface Dialer1 overload
!
!
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 1 permit 10.0.30.0 0.0.0.255 <<- this OP if you want server subnet need to access internet
!
ip nat inside source static {tcp | udp} 10.0.30.2 <port> interface Dialer1 <same port>
You need static PAT to access the server inside; what you are sharing is dynamic NAT, not static PAT.
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html
Check this link for more reference.
01-08-2023 12:48 PM
Tried all that but without success unfortunately, I really don't know what I am missing and to be honest my knowledge is on the limit as well. Thanks anyway for your support!
01-08-2023 10:23 PM
Hi,
I solved the problem, I am now able to access the server from outside in a given port. I found an article here https://www.networkstraining.com/cisco-router-port-forwarding-configuration/ which uses the same approach as you mentioned.
I created an ACL with the subnet I want to access and then a static NAT with given ports pointing to the address of the server.
access-list 1 permit 10.0.30.0 0.0.0.255
ip nat inside source static tcp 10.0.30.3 port myPublicIp port
Thanks for your help.
Best Regards,
Diogo
01-09-2023 05:52 AM
You are so so welcome
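A check for the port forward discussed in this thread, added here as an example (not code from any poster or from Cisco): it lists every static PAT line in a saved config, so each internet-facing port is visible at a glance, and confirms the inside address has a specific static route back rather than only the default route out of Dialer1. The sample config is constructed from lines quoted in the thread plus an assumed TCP 8006 forward, the function names are hypothetical, and it assumes inside subnets are reached through `ip route` statements as in this topology.

```python
import ipaddress
import re

# Constructed sample: route lines as quoted in the thread, plus an assumed
# static PAT line for the TCP 8006 forward the poster describes.
SAMPLE_CONFIG = """\
ip nat inside source list 100 interface Dialer1 overload
ip nat inside source static tcp 10.0.30.2 8006 interface Dialer1 8006
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.20.0 255.255.255.252 10.0.0.2
ip route 10.0.30.0 255.255.255.252 10.0.0.2
ip route 192.168.10.0 255.255.255.0 10.0.0.2
"""

# Matches both forms: "... interface <name> <port>" and "... <global-ip> <port>".
STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)", re.M)
ROUTE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.M)

def static_forwards(config):
    """Return one dict per static PAT line: what is exposed, and where."""
    out = []
    for proto, host, lport, ifname, gaddr, gport in STATIC_PAT.findall(config):
        out.append({"proto": proto, "inside": ipaddress.ip_address(host),
                    "inside_port": int(lport), "outside": ifname or gaddr,
                    "outside_port": int(gport)})
    return out

def route_for(config, addr):
    """Longest-prefix match of addr against the non-default static routes."""
    best = None
    for net, mask, hop in ROUTE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}")
        if network.prefixlen and addr in network:
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, hop)
    return best

def audit(config):
    """Pair each forward with its next hop, or None if only the default route fits."""
    report = []
    for fwd in static_forwards(config):
        match = route_for(config, fwd["inside"])
        report.append((f'{fwd["proto"]}/{fwd["outside_port"]} on {fwd["outside"]}'
                       f' -> {fwd["inside"]}:{fwd["inside_port"]}',
                       match[1] if match else None))
    return report
```

A `None` in the second field means the translated packet would follow the default route back out of the WAN interface instead of reaching the server.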