cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2763
Views
5
Helpful
8
Replies

Access a server inside LAN

Hi,

I am facing an issue with my LAN, I have a router Cisco 1921 and behind a switch Catalyst 1000, on one of the ports of the switch I have a little server with proxmox on it for virtualization, I would like to access it from anywhere in the internet however I am struggling with NAT giving my topology. I leave the plan of my topology in the attachment as well as configs so far, can you help me?

Thanks in advance.

Diogo Figueiredo

2 Accepted Solutions

Accepted Solutions

ip nat inside source list 100 interface Dialer1 overload
!
!
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 1 permit 10.0.30.0 0.0.0.255  <<- this OP if you want server subnet need to access internet 
!
ip nat inside source static TCP/UDP 10.0.30.2 eq <port> interface dialer1 eq <same port>

"""you need static PAT to access server inside what you sharing is dynamic nat not static PAT."""


https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

check this link for more reference 

View solution in original post

Hi,

I solved the problem, I am now able to access the server from outside in a given port. I found an article here https://www.networkstraining.com/cisco-router-port-forwarding-configuration/ which uses the same approach as you mentioned.

I created an ACL with the subnet I want to access and the a static NAT with given ports pointing to the address of the server.

access-list 1 permit 10.0.30.0 0.0.0.255

ip nat inside source static tcp 10.0.30.3 port myPublicIp port

 

Thanks for your help.

Best Regards,

Diogo

View solution in original post

8 Replies 8

Cisco network diagram - Goal.png

Hi,

If you check my config ip route was already inside, I already tried this nat command but it did not work, unfortunately.

from internet access the server using the router ISP interface not using real server IP. 
also check the show ip nat translation, do you see NAT entry ? 
are you run any ACL in router ISP interface ?
are the SW have default route toward router ?

ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.20.0 255.255.255.252 10.0.0.2
ip route 10.0.30.0 255.255.255.252 10.0.0.2
ip route 192.168.10.0 255.255.255.0 10.0.0.2
!
dialer-list 1 protocol ip permit
!
!
snmp-server community public RO 1
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 50 remark ACL to block everything
access-list 50 deny any
access-list 51 remark ACL for NTP allowed servers
access-list 51 permit 195.43.113.1
access-list 51 permit 195.43.114.2
access-list 51 permit 195.43.113.2
access-list 51 permit 195.43.114.1
access-list 100 permit ip 10.0.20.0 0.0.0.255 any
access-list 100 permit ip 10.0.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any

 

On the switch there is a default route pointing to the router 10.0.0.1, internet is working fine from all hosts, only what I would like is to access https://myPublicIp:8006 and this be redirected to the address 10.0.30.2 which is the server. A kind of port redirection.

ip nat inside source list 100 interface Dialer1 overload
!
!
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 1 permit 10.0.30.0 0.0.0.255  <<- this OP if you want server subnet need to access internet 
!
ip nat inside source static TCP/UDP 10.0.30.2 eq <port> interface dialer1 eq <same port>

"""you need static PAT to access server inside what you sharing is dynamic nat not static PAT."""


https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

check this link for more reference 

Tried all that but without success unfortunately, I really don't know what I am missing and to be honest my knowledge is on the limit as well. Thanks anyway for your support!

Hi,

I solved the problem, I am now able to access the server from outside in a given port. I found an article here https://www.networkstraining.com/cisco-router-port-forwarding-configuration/ which uses the same approach as you mentioned.

I created an ACL with the subnet I want to access and the a static NAT with given ports pointing to the address of the server.

access-list 1 permit 10.0.30.0 0.0.0.255

ip nat inside source static tcp 10.0.30.3 port myPublicIp port

 

Thanks for your help.

Best Regards,

Diogo

You are so so welcome