I have a LAN with Web (.2) and SSH (.3) servers, and PCs, all in the same network range (192.168.1.0/24). I would like to have my servers accessible from outside the network and at the same time also allow the PCs to ping/surf outside, with the public IP address of the router (184.108.40.206).
I tried with this configuration on my router:
ip nat pool NAT_POOL 220.127.116.11 18.104.22.168 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.1.2 80 22.214.171.124 80
ip nat inside source static tcp 192.168.1.3 21 126.96.36.199 22
!
access-list 10 permit 192.168.1.0 0.0.0.255
But when I try to ping outside, the router complains that I cannot allocate an IP address. I thought this could be solved with the overload parameter but it doesn't solve the problem.
How can I use a single public IP address for exposing servers and allowing my PCs outside?
BTW, I am configuring this on Packet Tracer.
Thanks again for your time.
I just opened your file in PT 8.0.1 (under Mac OS 10.15.7) and I get the same error. See attached snapshot.
I would think there is something wrong with PT 8.0.1 under Mac after you said it works on your side, but the same error appears on PT 6.0.1 under Win7. What is going on here?
I am getting the same error now...weird. There are a lot of flaws in Packet Tracer, this seems to be one of them. Without the static entries, everything works fine:
ip nat pool NAT_POOL 188.8.131.52 184.108.40.206 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
access-list 10 permit 192.168.10.0 0.0.0.255
I am going to test this on a real router, to verify if it really is a bug in Packet Tracer. Will get back with you...
But without the static entries, how does the router know that an external packet is addressed to the WWW server or the FTP server?
Thanks a lot!
I just tested this on real routers, your config works without any problem, so it looks like it is definitely a bug in Packet Tracer...
Thanks for checking it out!
Could you please share with us a snapshot of the NAT translation table after you ping outside?
Also, can you comment on my previous question? You said that without the static entries in the NAT table it worked but it seems to me that not having those entries would only allow outgoing traffic and if you want to access any of the servers that won't work. Isn't this right?
I just opened the file again, and now the PING works with and without the static entries. Rather annoying, as there does not seem to be a consistent pattern to this...
As to your second question, indeed without the static entries, the servers cannot be reached from the outside, and connections can only be initiated from the inside.
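The behaviour described in this answer, as an added example that is not part of the original thread: a small Python model of a PAT (overload) translation table with one static port forward. The public address, the outside hosts and the inside PC are constructed values, and the port allocator is a simplifying assumption (a real router tries to keep the original source port).

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    public_ip: str
    static: dict = field(default_factory=dict)   # (proto, public_port) -> (inside_ip, inside_port)
    dynamic: dict = field(default_factory=dict)  # (proto, public_port, remote) -> (inside_ip, inside_port)
    next_port: int = 1024                        # simplified allocator (assumption, see lead-in)

    def add_static(self, proto, inside_ip, inside_port, public_port):
        """Equivalent in spirit to 'ip nat inside source static tcp ...'."""
        self.static[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port, remote):
        """Inside host opens a flow to `remote`; returns the (public_ip, public_port) it is seen as."""
        for key, inside in self.dynamic.items():
            if key[0] == proto and key[2] == remote and inside == (inside_ip, inside_port):
                return (self.public_ip, key[1])          # reuse the existing translation
        used = {k[1] for k in self.static if k[0] == proto}
        used |= {k[1] for k in self.dynamic if k[0] == proto}
        while self.next_port in used:                    # never collide with a forwarded port
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, port, remote)] = (inside_ip, inside_port)
        return (self.public_ip, port)

    def inbound(self, proto, public_port, remote):
        """Packet from `remote` to public_ip:public_port; returns the inside target or None if dropped."""
        if (proto, public_port) in self.static:          # port forward: any outside host may initiate
            return self.static[(proto, public_port)]
        return self.dynamic.get((proto, public_port, remote))  # only replies to an existing flow

def demo():
    r = PatRouter("203.0.113.1")                         # constructed public address (RFC 5737)
    web_client = ("198.51.100.7", 40000)                 # constructed outside host
    before = r.inbound("tcp", 80, web_client)            # overload only: nothing to match
    r.add_static("tcp", "192.168.1.2", 80, 80)           # web server (.2) from the question
    after = r.inbound("tcp", 80, web_client)             # now forwarded to the server
    seen_as = r.outbound("tcp", "192.168.1.10", 51000, ("198.51.100.9", 443))  # constructed PC
    reply = r.inbound("tcp", seen_as[1], ("198.51.100.9", 443))   # return traffic of that flow
    stranger = r.inbound("tcp", seen_as[1], web_client)  # unsolicited packet to the same port
    return before, after, seen_as, reply, stranger
```

`demo()` shows both cases on one public address: the static entry admits new inbound connections to port 80, while the dynamic entry only admits return traffic for the flow the inside PC opened.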
Oh, really? This is the kind of thing I hate about PT.
I tried once more to see if I could get it to work but it doesn't. I cannot get through the router to the outside. The point is, how does it show the NAT translation table when you get the messages through? Can you please send a snapshot? I would like to see it.