12-17-2012 09:36 PM - edited 03-04-2019 06:26 PM
Hi Guys,
I am in the process of trying to create a DMZ using two routers and a switch and would like some assistance regarding NAT'ing the external IP to an Internal one. All internal devices can communicate with each other. We are using a router to act as a DMZ. This router directly connects to a switch on our LAN which is directly connected to its router. There is no physical connection between the DMZ router and the Internal router.
Currently, the main issue is that the external IP is not recognised from an external location, i.e. from home I cannot navigate to our external IP address through IE; however, I can ping the IP successfully from an external location. The below config is our DMZ router.
Is there another command that I am missing? Our DNS records are still being generated but accessing via IP should still be working, right?
Your help is appreciated
Regards,
!
!
!
interface Ethernet0/0 ## External IP ##
ip address 10.10.10.10 255.255.255.252
ip nat outside
ip virtual-reassembly
half-duplex
!
interface FastEthernet0/0 ## Internal IP ##
ip address 192.168.20.200 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface FastEthernet0/0.1 ## Sub-Int created to talk to 11.0.0.0 nw ##
encapsulation dot1Q 11
ip address 11.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.2 ## Sub-Int created for Isolation VLAN ##
encapsulation dot1Q 10
ip address 192.168.1.254 255.255.255.0
no snmp trap link-status
!
interface Serial1/0
no ip address
shutdown
no fair-queue
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 11.0.0.0 255.255.255.0 192.168.20.254
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list Allelse interface Ethernet0/0 overload (I am unable to remove this rule. I get a 'dynamic mapping error')
!
!
access-list 1 permit 11.0.0.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 remark ## Control NAT Service ##
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
transport output telnet
!
end
12-17-2012 09:50 PM
Hi
Is the config you have pasted from DMZ router?
Are your servers using valid IP addresses, or do they have private IPs and you want to use NAT?
Please provide a small topology showing connections
Thanks
Raju
12-18-2012 04:29 PM
Hello, thanks for the reply.
The above config is from the DMZ router. We have a pool of public IPs and we would like to NAT our internal addresses to one or more of them. I have created a very simple network diagram and attached it.
Thanks again
12-19-2012 07:16 AM
Hi Angelo,
You need to configure static NAT if you would like to have access from the internet to internal servers.
I assume the IP you have put on the outside interface E0/0 is not the actual IP. You need to have a public IP on your external interface.
Thank you
Raju
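The following is an added example, not posted by anyone in the thread: a small Python check that reads the NAT-relevant lines of the posted config and reports why inbound connections fail (only overload rules, no static entry) and that the `Allelse` rule has no matching ACL in the posted config. The function name `audit_nat` and the finding codes are made up for this illustration.

```python
import re

# NAT-relevant lines of the DMZ router config posted in the thread.
CONFIG = """\
interface Ethernet0/0
 ip address 10.10.10.10 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0
 ip address 192.168.20.200 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list Allelse interface Ethernet0/0 overload
!
access-list 1 permit 11.0.0.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
"""

def audit_nat(config):
    """Return (code, detail) findings about NAT in an IOS config."""
    roles, static, dynamic_acls, defined_acls = {}, [], [], set()
    current = None  # interface whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif line == "!":
            current = None
        elif current and (m := re.match(r"ip nat (inside|outside)$", line)):
            roles[current] = m.group(1)
        elif line.startswith("ip nat inside source static "):
            static.append(line)
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            dynamic_acls.append(m.group(1))
        elif m := re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", line):
            defined_acls.add(m.group(1))
    findings = []
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(("NO_" + role.upper(), f"no interface marked ip nat {role}"))
    if not static:
        # Overload (PAT) entries are created only by inside-initiated traffic.
        findings.append(("NO_STATIC_NAT", "no static entry: outside hosts cannot open connections to inside servers"))
    for acl in dynamic_acls:
        if acl not in defined_acls:
            findings.append(("UNDEFINED_ACL", f"NAT rule references ACL '{acl}' with no definition in this config"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_nat(CONFIG):
        print(f"{code}: {detail}")
```
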