Showing results for 
Search instead for 
Did you mean: 

NAT with a single IP address for servers and hosts

Dear community,


I have a LAN with a Web (.2) and ssh (.3) servers, and PCs all in the same network range ( I would like to have my servers accessible from the outside of the network and at the same time also allow the PCs to ping/surf outside, with the public IP address of the router (


I tried with this configuration on my router:


ip nat pool NAT_POOL netmask
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 80 80
ip nat inside source static tcp 21 22
access-list 10 permit

But when I try to ping outside, the router complains that I cannot allocate an IP address. I thought this could be solved with the overload parameter but it doesn't solve the problem.


How can I use a single public IP address for exposing servers and allowing my PCs outside?


BTW, I am configuring this on Packet Tracer.



Hi @Georg Pauwen 


Thanks again for your time.


I just opened your file in PT 8.0.1 (under Mac OS 10.15.7) and I get the same error. See attached snapshot.


I would think there is something wrong with PT 8.0.1 under Mac after you saying it works on your side but the same error appears on PT 6.0.1 under Win7. What is going on here?




Screenshot 2021-10-21 at 09.31.30.png





I am getting the same error now...weird. There are a lot of flaws in Packet Tracer, this seems to be one of them. Without the static entries, everything works fine:


ip nat pool NAT_POOL netmask
ip nat inside source list 10 pool NAT_POOL overload
access-list 10 permit


I am going to test this on a real router, to verify if it really is a bug in Packet Tracer. Will get back with you...

But without the static entries, how does the router know that an external packet is addressed to the WWW server or the FTP server?


Thanks a lot!



I just tested this on real routers, your config works without any problem, so it looks like it is definitely a bug in Packet Tracer...

View solution in original post

Thansk for checking it out!


Could you please share with us as snapshot of the nat translation table after you ping outside?


Also, can you comment on my previous question? You said that without the static entries in the NAT table it worked but it seems to me that not having those entries would only allow outgoing traffic and if you want to access any of the servers that won't work. Isn't this right?


Thanks again





I just opened the file again, and now the PING works with and without the static entries. Rather annoying, as there does not seem to be a consistent pattern to this...


As to your second question, indeed without the static entries, the servers cannot be reached from the outside, and connections can only be initiated from the inside.

Oh, really? This is the kind of things I hate from PT


I tried once more to see if I could get it to work but it doesn't. I cannot get through the router to the outside. The point is, how does it show the nat transalation table when you get the messages through? Can you please send a snaphot? I would like to see it.





Well, I tried this on GNS3 and it works perfectly fine just as @Georg Pauwen said.


Could I contact someone to inform about this problem in order for them to fix it?


Thanks for your support @Georg Pauwen @paul driver