
NAT with a single IP address for servers and hosts

_rucisco_

Dear community,

 

I have a LAN with Web (.2) and ssh (.3) servers, and PCs, all in the same network range (192.168.1.0/24). I would like to have my servers accessible from outside the network and at the same time also allow the PCs to ping/surf outside, using the public IP address of the router (15.214.21.3).

 

I tried with this configuration on my router:

 

ip nat pool NAT_POOL 15.214.21.3 15.214.21.3 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.1.2 80 15.214.21.3 80
ip nat inside source static tcp 192.168.1.3 21 15.214.21.3 22
!
access-list 10 permit 192.168.1.0 0.0.0.255

But when I try to ping outside, the router complains that I cannot allocate an IP address. I thought this could be solved with the overload parameter but it doesn't solve the problem.

 

How can I use a single public IP address for exposing servers and allowing my PCs outside?

 

BTW, I am configuring this on Packet Tracer.

Thanks


Hi @Georg Pauwen 

 

Thanks again for your time.

 

I just opened your file in PT 8.0.1 (under Mac OS 10.15.7) and I get the same error. See attached snapshot.

 

I would think there is something wrong with PT 8.0.1 under Mac, since you say it works on your side, but the same error appears on PT 6.0.1 under Win7. What is going on here?

 

Thanks

 

Screenshot 2021-10-21 at 09.31.30.png

 

 

Hello,

 

I am getting the same error now...weird. There are a lot of flaws in Packet Tracer, this seems to be one of them. Without the static entries, everything works fine:

 

ip nat pool NAT_POOL 209.165.201.1 209.165.201.1 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
!
access-list 10 permit 192.168.10.0 0.0.0.255

 

I am going to test this on a real router, to verify if it really is a bug in Packet Tracer. Will get back with you...

But without the static entries, how does the router know that an external packet is addressed to the WWW server or the FTP server?

 

Thanks a lot!

Hello,

 

I just tested this on real routers, your config works without any problem, so it looks like it is definitely a bug in Packet Tracer...

Thanks for checking it out!

Could you please share with us a snapshot of the NAT translation table after you ping outside?

 

Also, can you comment on my previous question? You said that without the static entries in the NAT table it worked but it seems to me that not having those entries would only allow outgoing traffic and if you want to access any of the servers that won't work. Isn't this right?

 

Thanks again

 

 

Hello,

 

I just opened the file again, and now the PING works with and without the static entries. Rather annoying, as there does not seem to be a consistent pattern to this...

 

As to your second question, indeed without the static entries, the servers cannot be reached from the outside, and connections can only be initiated from the inside.
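
The point made in the reply above, as an added example that is not part of the original thread: a simplified Python model (not IOS code) of one public IP shared between static port forwards and overload (PAT). The static entries are taken from the posted configuration; the outside client, the PC address 192.168.1.10 and the port-selection rule are assumptions made for illustration.

```python
# Simplified model of single-IP NAT: static port forwards plus overload (PAT).
PUBLIC_IP = "15.214.21.3"  # router's public address, from the original post
# Static entries from the posted config: public port -> (inside IP, inside port)
THREAD_STATIC = {80: ("192.168.1.2", 80), 22: ("192.168.1.3", 21)}

class NatRouter:
    def __init__(self, static=None):
        self.static = dict(static or {})  # permanent entries, reachable from anyone
        self.dynamic = {}                 # public port -> (inside ip, inside port, remote)

    def outbound(self, src_ip, src_port, remote):
        """An inside host opens a connection; returns the translated source."""
        port = src_port
        # Assumed rule: keep the source port if it is free, otherwise take the
        # next port not claimed by a static or dynamic entry.
        while port in self.static or port in self.dynamic:
            port = port + 1 if port < 65535 else 1024
        self.dynamic[port] = (src_ip, src_port, remote)
        return (PUBLIC_IP, port)

    def inbound(self, remote, dst_port):
        """Packet from outside to PUBLIC_IP:dst_port; None means dropped."""
        if dst_port in self.static:
            return self.static[dst_port]
        entry = self.dynamic.get(dst_port)
        if entry and entry[2] == remote:  # only the peer the inside host contacted
            return entry[:2]
        return None

def demo():
    client = ("198.51.100.7", 40000)  # constructed outside client
    site = ("203.0.113.5", 443)       # constructed outside web site
    pat_only, with_static = NatRouter(), NatRouter(THREAD_STATIC)
    return {
        "pat_only_inbound_80": pat_only.inbound(client, 80),
        "static_inbound_80": with_static.inbound(client, 80),
        "static_inbound_22": with_static.inbound(client, 22),
        "static_inbound_443": with_static.inbound(client, 443),
        "pc_outbound": with_static.outbound("192.168.1.10", 50000, site),
        "reply_to_pc": with_static.inbound(site, 50000),
        "stranger_to_pc_port": with_static.inbound(client, 50000),
        "collision": with_static.outbound("192.168.1.10", 80, site),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model only the two statically forwarded ports accept connections from arbitrary outside hosts, so they are the part of the configuration that needs filtering and monitoring; dynamic entries answer only the peer an inside host contacted first.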

Oh, really? This is the kind of thing I hate about PT.

 

I tried once more to see if I could get it to work but it doesn't. I cannot get through the router to the outside. The point is, how does it show the NAT translation table when you get the messages through? Can you please send a snapshot? I would like to see it.

 

Thanks

 

 

Well, I tried this on GNS3 and it works perfectly fine just as @Georg Pauwen said.

 

Could I contact someone to inform about this problem in order for them to fix it?

 

Thanks for your support @Georg Pauwen @paul driver 
