cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6228
Views
0
Helpful
6
Replies

NAT configuration to access my internal web server from outside

kiloumustafa
Level 1
Level 1

Hello,

I am trying to configure NAT translation, to allow external users ( internet) to access my internal server through NAT translation,port 7778 but i did acheave my goal, the same methods i have tried in Juniper Firewall and worked, wondring what coulde be the reason that it does not work with me in Cisco 1800 series.please advice..

My Static IP address is: 89.xx.xx.100

my internal web server is: 192.168.12.10

the setting i have configured is:

interface FastEthernet0/0

ip address 192.168.11.200 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 89.xx.xx.100 255.255.252.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 89.xx.xx.97

ip route 192.168.12.0 255.255.255.0 192.168.11.1

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.12.10 7778 interface FastEthernet0/1 7778

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.12.0 0.0.0.255

access-list 1 permit 192.168.11.0 0.0.0.255

6 Replies 6

Abzal
Level 7
Level 7

Hi,

The NAT itself looks fine, but maybe problem with with route:

ip route 192.168.12.0 255.255.255.0 192.168.11.1

Is 192.168.11.1 some kind of router? Could you ping from this router to internal web server? if not try to set up a reverse route on connected router.

Hope it will help.

Best regards,
Abzal

yes i can ping, the 192.168.11.1 is connected to the router throgh f0/0 and it is my core switch with different vlans,and all VLANs communication to each other throgh encapsulation dot q.

Are you able to access to web server from internal network? Is web server listening on port 7778? Is there any ACL on core switch interface that might be blocking connection?

Abzal

Best regards,
Abzal

johnlloyd_13
Level 9
Level 9

Hi,

Your webserver's subnet is different from that of FE0/0. It's only doing internal NAT for the 192.168.11.0/24.

Sent from Cisco Technical Support iPad App

r u sure about this information?

anyway i changed the command to another IP address, i have abother web server which is 192.168.11.11

ip nat inside source static tcp 192.168.11.11 7778 interface FastEthernet0/1 7778

But no luck..

ok Johnlloyd,

i could manage it with 192.168.11.11, after i changed its gateway from 192.168.11.1 into 192.168.11.200

i am thinking now how to NAT with differnet subnet!! how i can make 192.168.12.10 accassble through NAT with different subnet.

Review Cisco Networking for a $25 gift card