08-14-2019 02:57 PM
Hello fellow experts,
We are having a pretty rough time trying to configure a NAT/PAT in one of our internet routers, and I think someone here can help us with some ideas. The scenario is this:
Sadly, we don't have another public IP address to NAT the connection over another IP, and we are looking at many examples over the internet but we don't find a suitable method to configure a NAT pool or ACL to allow the incoming connection specifically. Can someone advise us on this?
Our router working configuration is this (similar, btw):
interface GigabitEthernet0/0/0
 description OUTSIDE_ADDRESS
 ip address <<OUTSIDE PRIVATE ADDRESS>>
 ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS
 encapsulation dot1Q 1
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>
ip nat inside source list 3 pool NAME overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS>> <<MASK>>
And we need to allow someone outside to open a webpage at <<PUBLIC IP>>:8080 that will be routed to an internal private IP address.
Is this even possible?
Thanks in advance and best regards!
08-14-2019 03:25 PM - edited 08-14-2019 03:27 PM
Hi @EduardR ,
Try this:
no ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>
no ip nat inside source list 3 pool NAME overload
ip nat inside source list 3 interface g0/0/0 overload
ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable
Check this link:
Regards
08-15-2019 08:59 AM
Thank you for the advice, we will try it.
I have another question: we are trying to get another public IP address for another user group, and the configuration will look like this one:
interface GigabitEthernet0/0/0
 description OUTSIDE_ADDRESS
 ip address <<OUTSIDE PRIVATE ADDRESS>>
 ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS_1
 encapsulation dot1Q 1
interface GigabitEthernet0/0/1.2
 description INSIDE_ADDRESS_2
 encapsulation dot1Q 2
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME_1 <<PUBLIC IP 1>> <<PUBLIC IP 1>> netmask <<MASK>>
ip nat pool NAME_2 <<PUBLIC IP 2>> <<PUBLIC IP 2>> netmask <<MASK>>
ip nat inside source list 3 pool NAME_1 overload
ip nat inside source list 4 pool NAME_2 overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS_1>> <<MASK>>
access-list 4 permit <<INSIDE PRIVATE ADDRESS_2>> <<MASK>>
Both public IPs use the same private outside connection. Is it possible to use the same scheme for this scenario? I am not quite sure about this line:
ip nat inside source list 3 interface g0/0/0 overload
Because both public IPs will use the g0/0/0.
08-15-2019 09:12 AM
Hi @EduardR ,
In this second scenario, you can try the settings you indicate, but add this configuration:
ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable
Regards
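Each static PAT entry like the ones suggested in this thread publishes an inside host to the internet, so it helps to inventory them when reviewing a router. The script below is an added example, not part of the original posts: it lists the published services in a config and flags NAT-outside interfaces that have no inbound `ip access-group`. The sample addresses are constructed (documentation ranges), and treating a missing inbound ACL as a finding is a heuristic assumption, since filtering may be done elsewhere.

```python
import re

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 10.255.0.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 3 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.1.50 8080 203.0.113.10 8080 extendable
access-list 3 permit 192.168.1.0 0.0.0.255
"""

STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def published_services(config):
    """Return one dict per static PAT entry: what the internet can reach."""
    out = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            proto, local_ip, local_port, global_ip, global_port = m.groups()
            out.append({"proto": proto, "public": f"{global_ip}:{global_port}",
                        "inside": f"{local_ip}:{local_port}"})
    return out

def unfiltered_outside_interfaces(config):
    """NAT-outside interfaces with no inbound 'ip access-group' applied."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # back at global config level
    return [name for name, body in blocks.items()
            if "ip nat outside" in body
            and not any(re.match(r"ip access-group \S+ in$", l) for l in body)]

if __name__ == "__main__":
    for svc in published_services(SAMPLE_CONFIG):
        print(f"{svc['proto']} {svc['public']} -> {svc['inside']}")
    print("no inbound ACL:", unfiltered_outside_interfaces(SAMPLE_CONFIG))
```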