Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6227
Views
0
Helpful
6
Replies

NAT configuration to access my internal web server from outside

kiloumustafa
Level 1
Level 1

‎12-20-2012 01:54 AM - edited ‎03-04-2019 06:27 PM

Hello,

I am trying to configure NAT translation, to allow external users ( internet) to access my internal server through NAT translation,port 7778 but i did acheave my goal, the same methods i have tried in Juniper Firewall and worked, wondring what coulde be the reason that it does not work with me in Cisco 1800 series.please advice..

My Static IP address is: 89.xx.xx.100

my internal web server is: 192.168.12.10

the setting i have configured is:

interface FastEthernet0/0

ip address 192.168.11.200 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 89.xx.xx.100 255.255.252.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 89.xx.xx.97

ip route 192.168.12.0 255.255.255.0 192.168.11.1

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.12.10 7778 interface FastEthernet0/1 7778

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.12.0 0.0.0.255

access-list 1 permit 192.168.11.0 0.0.0.255

Labels:
0 Helpful
6 Replies 6

Abzal
Level 7
Level 7

‎12-20-2012 02:00 AM

Hi,

The NAT itself looks fine, but maybe problem with with route:

ip route 192.168.12.0 255.255.255.0 192.168.11.1

Is 192.168.11.1 some kind of router? Could you ping from this router to internal web server? if not try to set up a reverse route on connected router.

Hope it will help.

Best regards,
Abzal
0 Helpful

kiloumustafa
Level 1
Level 1
In response to Abzal

‎12-20-2012 02:12 AM

yes i can ping, the 192.168.11.1 is connected to the router throgh f0/0 and it is my core switch with different vlans,and all VLANs communication to each other throgh encapsulation dot q.

0 Helpful

Abzal
Level 7
Level 7
In response to kiloumustafa

‎12-20-2012 02:30 AM

Are you able to access to web server from internal network? Is web server listening on port 7778? Is there any ACL on core switch interface that might be blocking connection?

Abzal

Best regards,
Abzal
0 Helpful

johnlloyd_13
Level 9
Level 9

‎12-20-2012 02:08 AM

Hi,

Your webserver's subnet is different from that of FE0/0. It's only doing internal NAT for the 192.168.11.0/24.

Sent from Cisco Technical Support iPad App

0 Helpful

kiloumustafa
Level 1
Level 1
In response to johnlloyd_13

‎12-20-2012 02:18 AM

r u sure about this information?

anyway i changed the command to another IP address, i have abother web server which is 192.168.11.11

ip nat inside source static tcp 192.168.11.11 7778 interface FastEthernet0/1 7778

But no luck..

0 Helpful

kiloumustafa
Level 1
Level 1
In response to johnlloyd_13

‎12-20-2012 02:40 AM

ok Johnlloyd,

i could manage it with 192.168.11.11, after i changed its gateway from 192.168.11.1 into 192.168.11.200

i am thinking now how to NAT with differnet subnet!! how i can make 192.168.12.10 accassble through NAT with different subnet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card