cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2129
Views
10
Helpful
6
Replies

HTTP not working after NAT setup

matt_ccna
Level 1
Level 1

Hi,

After the configuration of NAT, my webserver (1.1.1.4) is not accessible anymore from outside (4.4.4.2).

ICMP is working, but browsing is not.

The problem must be a bad ACL configuration.

I tried various configurations, extended ACLs, just to allow all traffic but none of them worked.

Only the config "access-list 1 permit 0.0.0.0 0.0.0.0", but this is not how it should be.

R1#

%SYS-5-CONFIG_I: Configured from console by console

sh ru

Building configuration...

Current configuration : 662 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R1

!

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 2.2.2.1 255.255.255.252

duplex auto

speed auto

!

interface Serial0/0

ip address 3.3.3.1 255.255.255.252

ip nat outside

clock rate 64000

!

ip nat inside source list 1 interface Serial0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

!

!

access-list 1 permit 1.1.1.0 0.0.0.255

!

!

line con 0

line vty 0 4

login

!

!

!

end

R1#

debug:

NAT: s=1.1.1.4->3.3.3.1, d=3.3.3.2 [853]

NAT*: s=3.3.3.2, d=3.3.3.1->1.1.1.4 [387]

NAT*: s=1.1.1.4->3.3.3.1, d=3.3.3.2 [854]

NAT*: s=1.1.1.4->3.3.3.1, d=3.3.3.2 [855]

NAT*: s=3.3.3.2, d=3.3.3.1->1.1.1.4 [388]

NAT*: s=3.3.3.2, d=3.3.3.1->1.1.1.4 [389]

NAT*: s=1.1.1.4->3.3.3.1, d=3.3.3.2 [856]

NAT*: s=1.1.1.4->3.3.3.1, d=3.3.3.2 [857]

NAT*: s=3.3.3.2, d=3.3.3.1->1.1.1.4 [390]

NAT*: s=3.3.3.2, d=3.3.3.1->1.1.1.4 [391]

6 Replies 6

johnlloyd_13
Level 9
Level 9

Hi Matt,

I suspect your problem is already on the webserver's application since ping is ok and no ACLs are applied to your interfaces.

Was it working before applying NAT? Could you do a telnet 80 to your websever from R1?

Sent from Cisco Technical Support iPhone App

I have acces without NAT.

Telnet also works.

Hi,

After the configuration of NAT, my webserver (1.1.1.4) is not accessible anymore from outside (4.4.4.2).

ICMP is working, but browsing is not.

NAT is working from Inside to Outside without any problem as suggest the ICMP success as well as the NAT debug output.

But if you're trying to access your inside server from 4.4.4.2 then you need a static NAT or static PAT not NAT overload.

Is this a Packet Tracer file ? if so can you post it here.

Regards.

Alain.

Don't forget to rate helpful posts.

Rajeev Ranjan
Level 1
Level 1

Hi Matt

Remove static entry ip route 0.0.0.0 0.0.0.0 Serial0/0.

Hi,

I would try to exempt 1.1.1.4 from nat :

no access-list 1

access-list 1 deny host 1.1.1.4

access-list 1 permit 1.1.1.0 0.0.0.255

Dan

matt_ccna
Level 1
Level 1

@Dan-Ciprian Cicioiu and @cadet alain: Both methods worked out well, thx for the tips.

Review Cisco Networking for a $25 gift card