NAT Internal Address to External IP

Angelo ANELLO
Level 1

Hi Guys,

I am in the process of trying to create a DMZ using two routers and a switch and would like some assistance regarding NAT'ing the external IP to an internal one. All internal devices can communicate with each other. We are using a router to act as a DMZ. This router directly connects to a switch on our LAN which is directly connected to its router. There is no physical connection between the DMZ router and the Internal router.

Currently, the main issue is that the external IP is not recognised from an external location, i.e. from home I cannot navigate to our external IP address through IE; however, I can ping the IP successfully from an external location. The below config is our DMZ router.

Is there another command that I am missing? Our DNS records are still being generated but accessing via IP should still be working, right?

Your help is appreciated.

Regards,

!
!
!
interface Ethernet0/0 ##  External IP  ##
 ip address 10.10.10.10 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface FastEthernet0/0  ##  Internal IP  ##
 ip address 192.168.20.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
!
interface FastEthernet0/0.1  ##  Sub-Int created to talk to 11.0.0.0 nw  ##
 encapsulation dot1Q 11
 ip address 11.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
!
interface FastEthernet0/0.2  ##  Sub-Int created for Isolation VLAN  ##
 encapsulation dot1Q 10
 ip address 192.168.1.254 255.255.255.0
 no snmp trap link-status
!
interface Serial1/0
 no ip address
 shutdown
 no fair-queue
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 11.0.0.0 255.255.255.0 192.168.20.254
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list Allelse interface Ethernet0/0 overload  (i am unable to remove this rule.  get a 'dynamic mapping error')
!
!
access-list 1 permit 11.0.0.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 remark ##  Control NAT Service  ##
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 5 0
 privilege level 15
 logging synchronous
 login local
 transport input telnet
 transport output telnet
!
end

Accepted Solutions

Hi Angelo,

You need to configure static NAT if you would like to have access from the internet to internal servers.

I assume the IP you have put on the outside interface E0/0 is not the actual IP. You need to have a public IP on your External interface.

Thank you

Raju
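An added example, not part of the original thread and not Cisco's or the posters' own configuration, of the static NAT the accepted answer describes, written in IOS configuration syntax against the interface names in the posted config. The server address 192.168.20.10, the public address 203.0.113.10 (a documentation-range placeholder assumed to be routed to this router by the provider) and the ACL name DMZ-IN are assumptions. It publishes a single TCP port instead of the whole host and filters inbound traffic to the published address.

```ios
! Added example. Assumed values (not from the thread):
!   192.168.20.10  internal web server on the FastEthernet0/0 LAN
!   203.0.113.10   placeholder public address from the provider's pool
!   DMZ-IN         hypothetical ACL name
!
! The existing "overload" rules only translate sessions that start
! inside, so unsolicited inbound HTTP has no translation entry to match.
! A static entry creates that mapping permanently.
!
! Port-specific static NAT: only TCP 80 on the server is published.
ip nat inside source static tcp 192.168.20.10 80 203.0.113.10 80
!
! For comparison, a one-to-one mapping translates every port and
! protocol to the server, so exposure then depends entirely on filtering:
!   ip nat inside source static 192.168.20.10 203.0.113.10
!
! Inbound filter on the outside interface. It is evaluated before the
! translation, so it matches the public (global) address. The final
! permit keeps return traffic for the existing PAT sessions working.
ip access-list extended DMZ-IN
 permit tcp any host 203.0.113.10 eq www
 deny   ip any host 203.0.113.10 log
 permit ip any any
!
interface Ethernet0/0
 ip access-group DMZ-IN in
!
! Verification from exec mode (shown as comments):
!   show ip nat translations     static entry is listed with no session
!   show ip nat statistics       hit counters rise when clients connect
!   show access-lists DMZ-IN     per-line match counts, including denies
!
! A dynamic NAT rule cannot be removed while translations created by it
! are still active. Clear them first, then remove the rule:
!   clear ip nat translation *
```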


Raju Sekharan
Cisco Employee

Hi

Is the config you have pasted from the DMZ router?

Are your servers using valid IP addresses, or do they have private IPs and you want to use NAT?

Please provide a small topology showing connections.

Thanks

Raju

Hello, thanks for the reply.

The above config is from the DMZ router. We have a pool of public IPs and we would like to NAT our internal addresses to one or more of them. I have created a very simple network diagram and attached it.

Thanks again
