04-03-2020 10:30 AM
Hello Everyone
I'm new to working in a Cisco environment. Recently I configured a Cisco router for a customer: I configured NAT outside on the uplink interface coming from the ISP, and NAT inside on the LAN interface with IP address 192.168.1.1.
Recently I got a request from that customer that he needs to access his web server from the outside, and he provided me some information to configure on the router. As this is the first time I have received such a request, please let me know how I can successfully configure this to work. Below is the information provided by the customer; it is not very clear to me.
Customer needs to configure NAT inside to outside as per the guide below:
nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133
access-list outside-acl extended permit tcp any host 192.168.1.96 eq 443
04-03-2020 11:05 AM
If it is an IOS router, you can use a simple command for static NAT:
ip nat inside source static tcp Private-IP 443 Public-IP 443 extendable
04-03-2020 11:34 AM
Yes, it's an IOS router. So that's all that is required to make this work? What about the access list which the customer described, and is there any need to apply the access list to an interface, inbound or outbound?
04-03-2020 12:05 PM
The command I provided is for incoming traffic from outside to inside.
I was under the impression that inside to outside was already working. If that is not the case, please provide the complete configuration so we can suggest better after reviewing the config.
04-03-2020 01:00 PM
Uplink coming from ISP
interface GigabitEthernet0/0.304
description UPLINK-DIA
encapsulation dot1Q 304
ip vrf forwarding DIA
ip address 89.xxx.xxx.130 255.255.255.252
ip nat outside
ip virtual-reassembly in
______________________________________________________
Downlink going to customer LAN
interface GigabitEthernet0/2
description DIA-DOWN-LINk
ip vrf forwarding DIA
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
Customer request: needs to configure NAT inside to outside as per the guide below
nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133
access-list outside-acl extended permit tcp any host 192.168.1.96 eq 443
04-04-2020 04:03 AM
Hi,
This "nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133 " is a static NAT, and on the ASA you had to explicitly allow traffic to flow from low-security to high-security via an ACL.
On the IOS, as long as you don't run ZBFW, which you don't, traffic is allowed by default. So with the presented configuration you only need what was specified above:
ip nat inside source static tcp 192.168.1.96 443 89.xxx.xxx.133 443
Regards,
Cristian Matei.
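The static port forward discussed in this thread, written out for the posted interfaces as an added example (not configuration from any of the posters). It assumes the NAT entry must carry the `vrf DIA` keyword because both interfaces sit in VRF DIA, that the ISP routes 89.xxx.xxx.133 to the router, and the ACL name OUTSIDE-IN is hypothetical; the ACL is optional and only adds logging and an explicit limit for the published address.

```cisco
! Added example. Addresses and VRF name are taken from the posted config;
! the ACL name OUTSIDE-IN is an assumption made for illustration.
!
! Publish only TCP/443 of the web server. Because the inside and outside
! interfaces are in VRF DIA, the static entry is tied to that VRF.
ip nat inside source static tcp 192.168.1.96 443 89.xxx.xxx.133 443 vrf DIA extendable
!
! Optional inbound ACL on the uplink. On IOS the inbound interface ACL is
! evaluated before outside-to-inside NAT, so it matches the PUBLIC address
! (89.xxx.xxx.133), not 192.168.1.96 as in the ASA-style line.
ip access-list extended OUTSIDE-IN
 remark allow HTTPS to the published web server
 permit tcp any host 89.xxx.xxx.133 eq 443
 remark log and drop anything else aimed at the published address
 deny   ip any host 89.xxx.xxx.133 log
 remark leave all other traffic (including NAT return traffic) untouched
 permit ip any any
!
interface GigabitEthernet0/0.304
 ip access-group OUTSIDE-IN in
!
! Verification from exec mode:
!   show ip nat translations vrf DIA
!   show ip access-lists OUTSIDE-IN
```

The static entry should appear in `show ip nat translations vrf DIA` immediately, and the ACL hit counters show whether anything other than 443 is being sent to the published address.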