cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6382
Views
10
Helpful
7
Replies

Cisco router configuration for public ip

Aronamaha
Level 1
Level 1

I want to config. my Cisco 1941 router to
1. enable my LAN users to access internet
2. make my web server 192.168.1.100 255.255.255.0 live from internet,
my ISP gave me this

wan ip 10.136.65.150

subset mask 255.255.255.252
gateway 10.136.65.146
and public IP address 196.190.29.81 and 196.190.29.82 (for my web server)
internet is working using my tplink router using the wan ip (not the public ip )

7 Replies 7

Alan Ng'ethe
Level 3
Level 3

I want to config. my Cisco 1941 router to
1. enable my LAN users to access internet

 

access-list 100 permit 192.168.1.0 0.0.0.255 any 

 


2. make my web server 192.168.1.100 255.255.255.0 live from internet,

 

ip nat inside source static 192.168.1.100 https  196.190.29.82 https


my ISP gave me this

wan ip 10.136.65.150

subset mask 255.255.255.252
gateway 10.136.65.146

 

interface (whatever interface on your router will be the wan interface)

e.g.

interface GigabitEthernet0/1

ip address 10.136.65.150 255.255.255.252

no shut

ip nat outside

 

And for the LAN interface;

 

interface GigabitEthernet0/0

ip address 192.168.1.0 255.255.255.250

no shut

ip nat inside

 

and public IP address 196.190.29.81 and 196.190.29.82 (for my web server)

 

ip nat pool internetPool 196.190.29.81 196.190.29.81 netmask 255.255.255.255

 

ip route 0.0.0.0 0.0.0.0 10.136.65.146

 

ip nat inside source list 100 pool internetPool overload

 

internet is working using my tplink router using the wan ip (not the public ip )

 

Having said that, your public ip and gateway seem to be inconsistent. Please verify those details with your ISP. Once you have consistent ip and mask you may make the changes as suggested above.

 

20190118_215819.png

 

The valid range for your WAN network is 10.136.65.148 through 10.136.65.151. Your gateway is .146, placing it in a totally different subnet. You will need to correct that before any configurations can begin.

 

Remember to rate any posts that have been helpful.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

thanks !!! but why do i need netmask 255.255.255.255 in the "ip nat pool internetPool 196.190.29.81 196.190.29.81 netmask 255.255.255.255 ? "

@Aronamaha wrote:

thanks !!! but why do i need netmask 255.255.255.255 in the "ip nat pool internetPool 196.190.29.81 196.190.29.81 netmask 255.255.255.255 ? "

Hi, 

/32 netmask is used because the pool has one address, which basically makes it PAT. The other of your two addresses is consumed by the static nat to the web server.

 

 

Please rate any posts that have been

elpful.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.


@Aronamaha wrote:

I want to config. my Cisco 1941 router to
1. enable my LAN users to access internet
2. make my web server 192.168.1.100 255.255.255.0 live from internet,
my ISP gave me this

wan ip 10.136.65.150

subset mask 255.255.255.252
gateway 10.136.65.146


This is incorrect addressing 

10.136.65.148/30incorporates usable ip addresses of:

10.136.65.149 

10.136.65.150

 

not 10.136.65.146

 

So am I assuming this is typo?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

yes it was a typo sir , my gateway from ISP is 10.136.65.149 ! thanks . 

so can you help me in the configuration ! 

Hello

Then you nat configuration would be

 

access-list 1 permit 192.168.1.0 9.0.0.255

ip nat inside source-list 1 interface (wan)

ip nat inside source static tcp 192.168.1.100 80 10.36.65.150 80 extendable 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

since you have two additional public IP addresses, you could assign one of the IP addresses to the web server, that way you would not even need to NAT. Use one of the IP addesses for the server, and the other as the default gateway on your subinterface:

 

interface GigabitEthernet0/0
ip address 10.136.65.150 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1q 2
ip address 196.190.29.81 255.255.255.252
ip virtual-reassembly
duplex auto
speed auto
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip forward-porotocol nd
ip http server
no ip http secure-server
!
line con 0
no activation-character
line vty 0 4
login local
!
end

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco