Showing results for 
Search instead for 
Did you mean: 

NAT issues

Hi all,

I have some annoying problem with NAT.

So the thing is: I have a public IP range ( assigned to some clients in building. Than I have a private network ( and in this network I have a web server. This server supposed  to be accessable from the web, so I wrote a static nat rule

ip nat inside source static tcp 80 80

This is working fine until  I have clients from 'inside' public range of - they can ping this ( ip address, but they can't connect to port 80 (web-server). I have no problems with 'Internet-clients' - NAT is working fine for them, the only problem is this range.

When I tried

ip nat traslations 

I'm getting good translations from Intrnet, and no translations from the inside public range.

It is possible, that it is not a NAT issue, cause  I'm using the NAT-on-a-stick (have only one interface on a router, couple of vlans - legacy confs...) So this process is setup just on one phys interface with a bunch of subifs.

Maybe I should try doing NAT throug the Loopback or throug the NVI? I realy can't see what is the difference...


Everyone's tags (4)

NAT issues

Hi T.Yermolenko

How about the telnet to port 80 for Does that go through ?

Can you apply an extened ACL and do a match for the Server and Port 80 and log it and see if we have matching packets ?

Personally I don't think NAT-on-a-stick will cause any issues if we have the right routing and NAT configs in place..




Re: NAT issues

Hi Varma,

The thing is - I can use web-server normally if I'm "in the Internet" But. I can't use it from any address in network - though I can ping server's external IP (in this case and get reply from it. But I can't connect to port 80. And when I check nat translations - there no any in table. Again, if I'm using any other source except  - its working perfect.



Re: NAT issues

Hi Taras

What about normal telnet to port 23 from Subnet to think the NAT Translations are not seen as the Interface on which the packet sourced from arrives is not a NATTed Interface...

If we enable ip nat outside on the subnet we should be seeing the translations..

Meanwhile I am thinking what could be allowing ping response to the Private IP but restricting TCP 80 connections..



Frequent Contributor

NAT issues

If I got it right, I think NVI should fix it, because when you did NAT you assigned your Internet interface the NAT outside, and the sub-interface connected to the private IP range the NAT inside so the sub-interface connected to the public IP range does not apply to the NAT rule you configured..


Posted by WebUser Ahmed Rasmy

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards