
NAT with a single IP address for servers and hosts

_rucisco_

Dear community,

 

I have a LAN with Web (.2) and SSH (.3) servers, and PCs, all in the same network range (192.168.1.0/24). I would like to have my servers accessible from outside the network and at the same time also allow the PCs to ping/surf outside, with the public IP address of the router (15.214.21.3).

 

I tried with this configuration on my router:

 

ip nat pool NAT_POOL 15.214.21.3 15.214.21.3 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.1.2 80 15.214.21.3 80
ip nat inside source static tcp 192.168.1.3 21 15.214.21.3 22
!
access-list 10 permit 192.168.1.0 0.0.0.255

But when I try to ping outside, the router complains that I cannot allocate an IP address. I thought this could be solved with the overload parameter but it doesn't solve the problem.

 

How can I use a single public IP address for exposing servers and allowing my PCs outside?

 

BTW, I am configuring this on Packet Tracer.

Thanks

Accepted Solutions

Hello,

 

I just tested this on real routers, your config works without any problem, so it looks like it is definitely a bug in Packet Tracer...



Hello

Is 15.214.21.3 reachable on the outside network?

Have you related the wan/lan interfaces with the outside/inside nat domains?

Do you have default route pointing to the outside network?

 

int x/x
description WAN
ip nat outside

int x/x
description LAN
ip nat inside

ip route 0.0.0.0 0.0.0.0 <wan interface>  15.214.21.x


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi @paul driver.

 

Thank you for your support. Yes, I did all you mention.

 

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 15.214.21.3 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool NAT_POOL 15.214.21.3 15.214.21.3 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.1.2 80 15.214.21.3 80 
ip nat inside source static tcp 192.168.1.5 20 15.214.21.3 22 
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 
!
!
access-list 10 permit 192.168.1.0 0.0.0.255

Any other ideas?

 

Thanks!

 

 

Hello

What's connected to the inside interface and how is it connected?

 

Does the client have a valid IP address/subnet mask/default gateway?



Kind Regards
Paul

Hello,

 

Can you post the zipped Packet Tracer project (.pkt) file? This could be a flaw in Packet Tracer itself...

Hi @paul driver @Georg Pauwen,

 

I am attaching the original file I was working on.

 

The IPs and ports are not exactly the same ones I was showing here but the configuration is virtually the same except for that.

 

Thanks

 

 

The file has errors unfortunately, and none of the devices can be opened. What version and what OS did you save this in?

It was made on PT 6.0.1 on a Windows 7 box.

 

SHA-1 of the file is as follows:

6baea9cbcd4d492b412ecac9588dd564b9629361 nat.zip

 

Can you check if you downloaded the file correctly?

 

Thanks

Hello,

 

that right there might be the problem: you are using a very outdated version of Packet Tracer on a very outdated operating system.

 

Post the full running config of the router (sh run) and I'll rebuild this in the latest PT version in order to check if the issue remains...

Hi,


The result of the command is as follows:

 

Router#sh run
Building configuration...

Current configuration : 1021 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 209.165.201.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool NAT_POOL 209.165.201.1 209.165.201.1 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.10.2 80 209.165.201.1 80 
ip nat inside source static tcp 192.168.10.5 21 209.165.201.1 21 
ip nat inside source static tcp 192.168.10.5 20 209.165.201.1 20 
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 
!
ip flow-export version 9
!
!
access-list 10 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

Thanks for the effort!
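
The checklist asked earlier in the thread (inside/outside interfaces, default route) and the NAT lines of the running config above, turned into an offline check. This is an added example, not part of any post in the thread; the function name audit_nat and the trimmed sample config are constructed for illustration. It also returns the static port forwards, since those are the inside services exposed on the public address.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the running config posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 209.165.201.1 255.255.255.0
 ip nat outside
ip nat pool NAT_POOL 209.165.201.1 209.165.201.1 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.10.2 80 209.165.201.1 80
ip nat inside source static tcp 192.168.10.5 21 209.165.201.1 21
ip nat inside source static tcp 192.168.10.5 20 209.165.201.1 20
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 10 permit 192.168.10.0 0.0.0.255
"""

def audit_nat(config):
    """Return (problems, forwards) for a one-address PAT plus port-forward setup."""
    roles, acls, statics, problems, addr = {}, {}, [], [], None
    lines = [l.rstrip() for l in config.splitlines()]
    for line in lines:
        if line.startswith("interface "):
            addr = None                                  # new interface stanza
        elif m := re.match(r"\s+ip address (\S+) (\S+)$", line):
            addr = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif (m := re.match(r"\s+ip nat (inside|outside)$", line)) and addr:
            roles[m[1]] = addr                           # NAT domain of this interface
        elif m := re.match(r"access-list (\d+) permit ([\d.]+) ([\d.]+)$", line):
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)$", line):
            statics.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    for role in ("inside", "outside"):
        if role not in roles:
            problems.append(f"no interface marked 'ip nat {role}'")
    if not any(l.startswith("ip route 0.0.0.0 0.0.0.0 ") for l in lines):
        problems.append("no default route")
    pat = re.search(r"^ip nat inside source list (\d+) pool (\S+) overload$", "\n".join(lines), re.M)
    if not pat:
        problems.append("no overload (PAT) rule")
    elif "inside" in roles and not any(roles["inside"].network.subnet_of(n) for n in acls.get(pat[1], [])):
        problems.append(f"access-list {pat[1]} does not permit the inside subnet")
    for _, _, _, pub, _ in statics:                      # forwards must use an outside address
        if "outside" in roles and ipaddress.ip_address(pub) not in roles["outside"].network:
            problems.append(f"forward address {pub} is not on the outside subnet")
    return problems, statics
```

Each returned forward is a tuple of (protocol, inside address, inside port, public address, public port).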

Hi,

 

For some reason I cannot see my last message... I was able to open my .pkt in Packet Tracer 8.0.1 on a Mac OS 10.15.7 (but it still doesn't work). The result of sh run (in PT 8.0.1) after a bit of editing for removing ! symbols:

 

Router#sh run
Building configuration...

Current configuration : 1021 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 209.165.201.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool NAT_POOL 209.165.201.1 209.165.201.1 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.10.2 80 209.165.201.1 80 
ip nat inside source static tcp 192.168.10.5 21 209.165.201.1 21 
ip nat inside source static tcp 192.168.10.5 20 209.165.201.1 20 
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 
!
ip flow-export version 9
!
access-list 10 permit 192.168.10.0 0.0.0.255
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Hi @Georg Pauwen @paul driver 

I posted the result of sh run twice but it doesn't show up. I am attaching it as a zip file in case there is a problem with its length or something...

I managed to open the pkt file in PT 8.0.1 but it doesn't work either. The output of sh run is also included for this version.

Thanks

Hello,

 

So I have rebuilt your topology... what exactly are you pinging, and from where? All my pings go through...

 

Can you post a screenshot of the actual error?

Hi,

Thanks for the effort.

 

I can access WWW from PC0, but when I ping PC0 from inside (e.g. PC1) the packet is dropped at the router, the reason being that the "router cannot allocate an available IP address for translation" (see red circle in the snapshot).

 

Thanks

Screenshot 2021-10-20 at 22.58.20.png

 

 

 

 

Hello,

 

I have attached 'my' lab (which should be an almost identical copy of yours), I can ping end to end, maybe you can find a difference...

 

You need PT version 8 to open the file...
