I'm wondering about NAT loopback.
My problem is this:
I have 1 Cisco 2911 router that is the default gateway of the network. Then I have 1 web server and 1 PC on the internal network.
The router's external IP is 10.0.0.1/24.
I have done the following:
ip nat inside source static 192.168.10.20 10.0.0.10
I want my PC to be able to reach the web sites on the server through the "external address". Is that possible, to go out through the router and back in again?
Kind regards, Tommy
Just noticed your updated config further below;
Can you try using a standard acl in your nat statement instead?
Did you read my edited post?
I labbed this up and it worked. So can you confirm your config again, as I don't see why it should not work for you?
I can back Paul on this. I just loaded this up on my router and had no trouble:
interface GigabitEthernet0/0
 description LAN
 ip nat enable
!
interface GigabitEthernet0/1
 description WAN
 ip nat enable
!
object-group network OG_RFC1918
 10.0.0.0 255.0.0.0
 172.16.0.0 255.240.0.0
 192.168.0.0 255.255.0.0
!
ip access-list extended ACL_NAT_NVI
 permit ip object-group OG_RFC1918 any
!
route-map RM_NAT_NVI permit 10
 match ip address ACL_NAT_NVI
 match interface GigabitEthernet0/1
!
ip nat source route-map RM_NAT_NVI interface GigabitEthernet0/1 overload
ip nat source static tcp 172.23.0.2 80 interface GigabitEthernet0/1 80
Opening a web browser to my public IPv4 address on GigabitEthernet0/1 from a client on the LAN interface brings up the web page without any difficulty.
Are you able to open a telnet session from the router to 80/tcp on your web server using the WAN interface as the source? If there's a routing problem on the host preventing traffic from getting back, that will trip things up.
No, it doesn't work, unfortunately. The config is the same as in the last message with Paul if you wanna take a look. On the PC there's nothing special done, and it works externally to access the PC on port 80.
Router01#telnet 192.168.99.250 80 /source-interface gigabitEthernet 0/1
Trying 192.168.99.250, 80 ...
% Connection timed out; remote host not responding
It also works to telnet from 192.168.99.254, which is my "external" default gateway.
SWITCH_L3_1#telnet 192.168.99.250 80
Trying 192.168.99.250, 80 ... Open
The fact that you can't connect from the router using the outside interface makes me think that this goes beyond a NAT problem. If your web server is using your router as the default gateway, you should be able to connect to it using the WAN interface of the router as a source... regardless of the NAT configuration.
A few questions to ask here. Is the web server using the router as its default gateway? Does the web server have any other interfaces on it? Is there any kind of host-based firewall active that is restricting connections from specific sources?
Hold on... missed something there. Scratch that. Can you try connecting to the web server's actual IP address using GigabitEthernet0/1 as the source? Not worried about the NAT address at this point.
Makes me think possible IOS ..
what version are you using?
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
Could it be this version?
Kind regards, Tommy
It's possible. 15.2.4M2 has been superseded by a number of patch releases since then. Last I looked it was up to 15.2.4M6a. Personally, I've been standardizing on 15.3.3M4 for all of my ISR G2s.