02-03-2018 11:14 AM - edited 03-07-2019 12:22 AM
Hello, I need some help.
I have a 2921 Cisco router. It is the main router in my workplace. My net provider gave me a pool of public addresses. My web server is accessible on the public IP address A.A.A.A from anywhere.
After doing NAT to another public address (let's say B.B.B.B) from my local network 192.168.1.0 netmask 255.255.255.0, I can't access this server by its public address (A.A.A.A) from any local network host. There is no problem when I address any host directly by any address from my public pool.
Do you have any idea why this is happening?
I am sending my config:
Current configuration : 988 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname AP
!
spanning-tree mode rapid-pvst
!
!
interface GigabitEthernet0/0
 description ## WAN ##
 ip address B.B.B.B 255.255.255.252
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ## LAN ##
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed auto
!
ip nat pool NAT_POOL B.B.B.B B.B.B.B netmask 255.255.255.240
ip nat inside source list 100 pool NAT_POOL
ip classless
ip route 0.0.0.0 0.0.0.0 C.C.C.C
!
access-list 100 remark == NAT ACL ==
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
Thank you for your help.
02-03-2018 11:24 AM - edited 02-03-2018 11:29 AM
Your description is not very clear, e.g. you mention NAT for your web server but there is no sign of that in the config you posted.
Could you clarify?
Jon
02-04-2018 02:40 AM
Dear Jon
Thank you for the reply.
The web server is connected through another small router. This small router has one of the public addresses and it gives a local IP to the server. But it works. It is visible from the internet. So, to be clear, I can access my website from everywhere, but as I wrote, any host connected to the interface that has NAT cannot access this server, i.e. cannot access my website. I am wondering if the problem could be with the access-list?
Best regards
02-04-2018 03:22 AM
Hello
NAT hairpinning should resolve this, enabling you to access your internal web server via its public NAT address.
https://supportforums.cisco.com/t5/wan-routing-and-switching/nat-hairpinning/td-p/2475807
res
Paul
02-04-2018 04:48 AM
Hello,
how is the other small router connected to the Cisco? Post a schematic drawing of what your setup looks like...
02-05-2018 04:44 AM
So this is the block schematic. I know it is a little bit crazy how it is connected, but this is what I've got from my predecessor.
When I connect all the local hosts to the other small router with WAN 212.87.232.8, everything works. But I want to achieve it from int Vlan 1 on the Cisco.
02-05-2018 07:16 AM
Hello,
you are using the same address space (192.168.1.x) on two different networks. What happens when you change the Vlan 1 addressing scheme to something unique, like 192.168.2.x?