Configuring incoming PAT/NAT in specific port CISCO Router
08-14-2019 02:57 PM
Hello fellow experts,
We are having a pretty rough time trying to configure a NAT/PAT in one of our internet routers, and I think someone here can help us with some ideas. The scenario is this:
- We have a router connected to the internet and performing NAT overload to allow our users to navigate with the public IP address (just one) while masking our internal private IPs.
- We need to expose one service to the internet over the same IP address (let's say some webpage at port 8080), and need to configure the incoming connections to be routed to some specific internal IP without disrupting our users' internet connectivity.
Sadly, we don't have another public IP address to NAT the connection over another IP, and we have been looking at many examples on the internet, but we can't find a suitable method to configure a NAT pool or ACL to allow the incoming connection specifically. Can someone advise us about this?
Our router working configuration is this (similar, btw):
interface GigabitEthernet0/0/0
 description OUTSIDE_ADDRESS
 ip address <<OUTSIDE PRIVATE ADDRESS>>
 ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS
 encapsulation dot1Q 1
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>
ip nat inside source list 3 pool NAME overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS>> <<MASK>>
And we need to allow someone outside to open a webpage at <<PUBLIC IP>>:8080 that will be routed to some internal private IP address.
Is this even possible?
Thanks in advance and best regards!
08-14-2019 03:25 PM - edited 08-14-2019 03:27 PM
Hi @EduardR ,
Try this:
no ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>
no ip nat inside source list 3 pool NAME overload
ip nat inside source list 3 interface g0/0/0 overload
ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable
Check this link:
Regards
08-15-2019 08:59 AM
Thank you for the advice, we will try it.
I have another question: we are trying to get another public IP address for another user group, and the configuration will look like this one:
interface GigabitEthernet0/0/0
 description OUTSIDE_ADDRESS
 ip address <<OUTSIDE PRIVATE ADDRESS>>
 ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS_1
 encapsulation dot1Q 1
interface GigabitEthernet0/0/1.2
 description INSIDE_ADDRESS_2
 encapsulation dot1Q 2
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME_1 <<PUBLIC IP 1>> <<PUBLIC IP 1>> netmask <<MASK>>
ip nat pool NAME_2 <<PUBLIC IP 2>> <<PUBLIC IP 2>> netmask <<MASK>>
ip nat inside source list 3 pool NAME_1 overload
ip nat inside source list 4 pool NAME_2 overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS_1>> <<MASK>>
access-list 4 permit <<INSIDE PRIVATE ADDRESS_2>> <<MASK>>
Both public IPs use the same private outside connection. Is it possible to use the same scheme for this scenario? I am not quite sure about this line:
ip nat inside source list 3 interface g0/0/0 overload
Because both public IPs will use g0/0/0.
08-15-2019 09:12 AM
Hi @EduardR ,
In this second scenario, you can try the settings you indicate, but adding this configuration:
ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable
Regards
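An added example, not part of the thread and not Cisco tooling: a static PAT entry like the one suggested above makes the forwarded port reachable from any source unless something filters it, so this sketch of a Python config audit lists each `ip nat inside source static tcp|udp` forward and names any `ip nat outside` interface that has no inbound `ip access-group`. The function name `audit_port_forwards` and the sample addresses are assumptions; it checks interface ACLs only, not zone-based firewall policy.

```python
import re

# Constructed sample running-config (documentation/RFC 1918 addresses, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 description OUTSIDE_ADDRESS
 ip address 203.0.113.10 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 3 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.1.50 8080 203.0.113.10 8080 extendable
access-list 3 permit 192.168.1.0 0.0.0.255
"""

STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (interface \S+|\S+) (\d+)")

def audit_port_forwards(config_text):
    """Hypothetical helper: one dict per static PAT entry, with unfiltered outside interfaces."""
    interfaces, current, forwards = {}, None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split()[1], {"outside": False, "acl_in": None})
        elif raw.startswith(" ") and current is not None:
            if line == "ip nat outside":
                current["outside"] = True
            elif (m := re.match(r"ip access-group (\S+) in$", line)):
                current["acl_in"] = m.group(1)
        else:
            current = None  # left the interface stanza; global commands follow
            if (m := STATIC_PAT.match(line)):
                proto, local_ip, local_port, global_addr, global_port = m.groups()
                forwards.append({"proto": proto, "local": f"{local_ip}:{local_port}",
                                 "global": f"{global_addr}:{global_port}"})
    # Outside interfaces with no inbound ACL leave every forward open to any source.
    unfiltered = sorted(n for n, i in interfaces.items() if i["outside"] and not i["acl_in"])
    for fwd in forwards:
        fwd["outside_without_acl"] = unfiltered
    return forwards

if __name__ == "__main__":
    for entry in audit_port_forwards(SAMPLE_CONFIG):
        print(entry)
```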
