04-09-2015 01:50 AM - edited 03-05-2019 01:12 AM
Hi,
We have a router 2911 and couple global (internet) IPs. One IP address we use for our website, and the second IP we use for users. So we use NAT to translate local IPs to outside (nat overload) for users, and static NAT translation for website. Our website accessible from outside, but LAN users can't get access to server using outside IP.
Test stand config:
interface GigabitEthernet0/0
description LAN | Local Network
ip address 2.2.2.254 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
description WAN
ip address 1.1.1.254 255.255.255.0
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description DMZ
ip address 5.5.5.254 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip nat inside source route-map nat interface GigabitEthernet0/1 overload
ip nat inside source static tcp 5.5.5.5 80 1.1.1.5 80 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.100
!1.1.1.100 ISP DG
!172.172.0.0 - vpn ip pool
access-list 110 deny ip 2.2.2.0 0.0.0.255 172.172.0.0 0.0.255.255
access-list 110 permit ip 2.2.2.0 0.0.0.255 any
route-map nat permit 10
match ip address 110
match interface GigabitEthernet0/1
The question is - is it possible to make users get access to local website using global IP - 1.1.1.5?
Any suggestions?
04-09-2015 11:14 PM
The problem not solved, but I found that if ip address on outside nat interface (in my config 1.1.1.254) different from IP pool that I use for translation for 7.7.7.5 for local 5.5.5.5 and 7.7.7.1 for any local 2.2.2.0 network (but in my config 1.1.1.5 and overload 1.1.1.254) and ISP has route to this pool, users from local network can get access to local server useing outside global IP.
Any comments?
04-09-2015 11:25 PM
And one more - I can't debug ISPs router and I don't really understand how it works)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide