Re: Cisco router NAT config for inbound access

Herman2018 · ‎12-09-2023

Hi, I am tring to config NAT on cisco router for inbound traffic for external users to access our internal web server. The network topology looks like below. ssh from Router2 (192.168.0.2) to server (10.0.0.10), the command is " ssh 1.1.3.3" it is successful,

but ssh from user PC , ssh 1.1.3.3 from iP 172.16.0.2, then failed, the destination IP is natted to 10.0.0.10, but no return traffic. From server, there is route to user PC. Can someone please advise, thanks in advance.

NAT config on Router1:

ip nat inside source static 10.0.0.10 1.1.3.3

int g0/0

ip nat outside

int g0/1

ip nat inside

MHM Cisco World · ‎12-09-2023

Because the server not use ssh port 22 it use other port.

Check this point.

MHM

Herman2018 · ‎12-09-2023

Thanks @MHM Cisco World for your advice. However, the server is listening on port 22. Can ssh to it from Router2.

MHM Cisco World · ‎12-09-2023

Ohh

I remember your case

You use ip nat outside source

Or

Ip nat inside source

What is interface in router1NAT inside and outside

Thanks

MHM

Herman2018 · ‎12-09-2023

I have told which interface is inside and outside, please see the above.

MHM Cisco World · ‎12-09-2023

I see

ip nat outside source static 1.1.3.3 10.0.0.10

Points to check

1- Router1 and Router2 must know the 10.0.0.0 i.e. there is prefix in it RIB

2- CE server must know 172.16.0.0 PC subnet i.e. it in RIB

MHM

Now the

paul driver · ‎12-09-2023

Hello
The CFG looks correct, as from R2 is reaches the internal server , which suggests from the NAT rtr 1, the 192.168.0.0 network is reachable but 172.16.0./24 network isnt

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul