Routed Public IP addresses failing to NAT on one physical interface

I have a Cisco router (CISCO2901/K9) configured to NAT the internal network on a single physical interface with WAN IP 197.155.206.22/30 to the ISP on 197.155.206.21/30, and it works fine for that. But now I want to NAT one public routed IP to our internal webserver on a different block through the same physical interface. When NAT-ed, it fails to hit the webserver from the router itself. I have tried to route it through the same physical interface with the secondary IP of the routed block and also tried a subinterface, without success. Can anyone please help?


balaji.bandi
Hall of Fame

If the ISP routed your new IP address range to your network, you can do a simple static NAT with the external IP to the web server:

ip nat inside source static x.x.x.x  y.y.y.y   (x.x.x.x = web server, y.y.y.y = public IP)

If you are looking at specific ports for the web server, 80 and 443, as below:

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80
ip nat inside source static tcp x.x.x.x 443 y.y.y.y 443

If you still have the issue, post the configuration.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Let me paste my configs here:
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp key kkf,dfns45RW address 196.202.240.130
!
!
crypto ipsec transform-set engi-data-set esp-aes 256 esp-sha-hmac
mode tunnel
!
!
!
crypto map VPN-MAP 1 ipsec-isakmp
set peer 196.202.240.130
set security-association lifetime kilobytes 20480
set security-association lifetime seconds 28800
set transform-set engi-data-set
match address engi-data-acl
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description connect-ISP-MPLS-PE
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.770
description connect-ISP-MPLS-PE
encapsulation dot1Q 770
ip address 10.114.255.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description connect-OFFICE
ip address 10.10.0.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.201
description connect-OFFICE - Webserver
encapsulation dot1Q 201
ip address 10.100.100.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0/0
description connect-ISP-INET-PE
ip address 197.155.206.22 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN-MAP
!
interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
ip address 197.155.193.201 255.255.255.248
ip nat outside
ip virtual-reassembly in
crypto map VPN-MAP
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
peer default ip address pool pptppool
no keepalive
ppp authentication ms-chap ms-chap-v2
!
ip local pool pptppool 192.168.90.10 192.168.90.100
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source static tcp 10.200.10.7 1723 interface GigabitEthernet0/0.366 1723
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static 200.10.10.2 interface GigabitEthernet0/0/0.200
ip nat inside source static 192.168.0.7 197.155.193.202
ip route 0.0.0.0 0.0.0.0 197.155.206.21 name DEFAULT-ROUTE
ip route 10.10.1.0 255.255.255.252 10.114.255.1
ip route 10.114.255.0 255.255.255.0 10.114.255.1
ip route 10.114.255.8 255.255.255.252 10.114.255.1
ip route 10.114.255.28 255.255.255.252 10.114.255.1 name BHB_WAN
ip route 10.115.255.0 255.255.255.252 10.10.0.1
ip route 10.200.10.0 255.255.255.0 10.10.0.1
ip route 10.230.10.0 255.255.255.0 10.114.255.1
ip route 10.230.20.0 255.255.255.0 10.114.255.1
ip route 10.230.30.0 255.255.255.0 10.114.255.1
ip route 10.230.90.0 255.255.255.0 10.114.255.1
ip route 192.155.193.200 255.255.255.248 10.10.0.1
ip route 192.168.0.0 255.255.255.0 10.10.0.1
ip route 192.168.1.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.128 10.114.255.1
ip route 192.168.3.0 255.255.255.0 10.114.255.1
ip route 192.168.4.0 255.255.255.0 10.114.255.1
ip route 192.168.5.0 255.255.255.0 10.114.255.1
ip route 192.168.6.0 255.255.255.0 10.114.255.1
ip route 192.168.7.0 255.255.255.0 10.114.255.1
ip route 192.168.10.0 255.255.255.0 10.114.255.1
ip route 192.168.11.0 255.255.255.0 10.114.255.1
ip route 192.168.11.16 255.255.255.240 10.114.255.1
ip route 192.168.50.0 255.255.255.0 10.10.0.1
ip route 200.10.10.0 255.255.255.248 192.168.0.253
ip route 200.10.10.0 255.255.255.248 10.100.100.1
!
ip access-list extended engi-data-acl
permit ip host 197.155.206.22 host 197.155.192.226
ip access-list extended inet-acl
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 10.230.10.0 0.0.0.255 any
permit ip 10.230.20.0 0.0.0.255 any
permit ip 10.230.30.0 0.0.0.255 any
permit ip 10.200.10.0 0.0.0.255 any
permit ip 10.114.255.0 0.0.0.255 any
permit ip 10.114.255.28 0.0.0.3 any
permit ip 10.10.10.0 0.0.0.7 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.3 any
permit ip 10.10.1.0 0.0.0.3 any
permit ip 10.230.90.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.15 any
permit ip 192.168.11.16 0.0.0.15 any
permit ip 192.168.11.32 0.0.0.15 any
permit ip 192.168.11.48 0.0.0.15 any
permit ip 192.168.11.64 0.0.0.15 any
permit ip 192.168.11.80 0.0.0.15 any
permit ip 192.168.11.96 0.0.0.15 any
permit ip 192.168.11.112 0.0.0.15 any
permit ip 192.168.11.128 0.0.0.15 any
permit ip 192.168.90.0 0.0.0.255 any
permit ip 192.168.50.0 0.0.0.255 any
permit ip 10.115.255.0 0.0.0.255 any
!
!
!

I don't know if you saw the following:

Physical Interface IP (point to point to ISP):
interface GigabitEthernet0/0/0
ip address 197.155.206.22 255.255.255.252
ip nat outside

Sub-interface for the routed block on another subnet (197.155.193.200/29):
interface GigabitEthernet0/0/0.200
ip address 197.155.193.201 255.255.255.248
ip nat outside


My NAT is as follows for the webserver (200.10.10.2):
ip nat inside source static 200.10.10.2 interface GigabitEthernet0/0/0.200

And for the rest of the internal IP addresses it is as follows:
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload

So, when I am on the router, I am able to telnet to the internal webserver IP (200.10.10.2) on port 80, but when I try to use the public IP 197.155.193.201, it fails completely to respond.

ip nat inside source static 200.10.10.2 interface GigabitEthernet0/0/0.200 <<-
Can you do show running-config? Do you see the overload keyword added to the above static command?

No overload on the subinterface

Then, just to check, replace the interface with the IP and check again.

Not sure why you need a secondary IP, if you are looking to forward all the traffic coming to IP 197.155.193.201 and want to route it to the web server.

As I stated above, if the /29 IPs are already routed to your network, you do not need to have a secondary interface.

Remove the gig0/0/0.200 interface and you can do static NAT as in the suggested config on the original post.

ip nat inside source static 200.10.10.2  197.155.193.201

If there is still an issue, post show run.

BB


Hi, I tried to revise my configs as below, but the issue still persists:

crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp key kkf,dfns45RW address 196.202.240.130
!
!
crypto ipsec transform-set engi-data-set esp-aes 256 esp-sha-hmac
mode tunnel
!
!
!
crypto map VPN-MAP 1 ipsec-isakmp
set peer 196.202.240.130
set security-association lifetime kilobytes 20480
set security-association lifetime seconds 28800
set transform-set engi-data-set
match address engi-data-acl
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description connect-ISP-MPLS-PE
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.770
description connect-ISP-MPLS-PE
encapsulation dot1Q 770
ip address 10.114.255.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description connect-OFFICE
ip address 10.10.0.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
description connect-ISP-INET-PE
ip address 197.155.206.22 255.255.255.252
ip nat outside
ip virtual-reassembly in max-reassemblies 64 timeout 5
duplex auto
speed auto
crypto map VPN-MAP
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
peer default ip address pool pptppool
no keepalive
ppp authentication ms-chap ms-chap-v2
!
ip local pool pptppool 192.168.90.10 192.168.90.100
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source static tcp 10.200.10.7 1723 interface GigabitEthernet0/0.366 1723
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list 105 interface GigabitEthernet0/0/0 overload
ip nat inside source list 106 interface GigabitEthernet0/0/0 overload
ip nat inside source list 107 interface GigabitEthernet0/0/0 overload
ip nat inside source list 108 interface GigabitEthernet0/0/0 overload
ip nat inside source list 109 interface GigabitEthernet0/0/0 overload
ip nat inside source list 110 interface GigabitEthernet0/0/0 overload
ip nat inside source list 111 interface GigabitEthernet0/0/0 overload
ip nat inside source list 112 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 200.10.10.2 80 197.155.193.201 80 extendable
ip nat inside source static tcp 200.10.10.2 8080 197.155.193.201 8080 extendable
ip nat inside source static 200.10.10.2 197.155.193.201
ip nat inside source static 192.168.0.7 197.155.193.202
ip route 0.0.0.0 0.0.0.0 197.155.206.21 name DEFAULT-ROUTE
ip route 10.10.1.0 255.255.255.252 10.114.255.1
ip route 10.114.255.0 255.255.255.0 10.114.255.1
ip route 10.114.255.8 255.255.255.252 10.114.255.1
ip route 10.114.255.28 255.255.255.252 10.114.255.1 name BHB_WAN
ip route 10.115.255.0 255.255.255.252 10.10.0.1
ip route 10.200.10.0 255.255.255.0 10.10.0.1
ip route 10.230.10.0 255.255.255.0 10.114.255.1
ip route 10.230.20.0 255.255.255.0 10.114.255.1
ip route 10.230.30.0 255.255.255.0 10.114.255.1
ip route 10.230.90.0 255.255.255.0 10.114.255.1
ip route 192.155.193.200 255.255.255.248 10.10.0.1
ip route 192.168.0.0 255.255.255.0 10.10.0.1
ip route 192.168.1.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.128 10.114.255.1
ip route 192.168.3.0 255.255.255.0 10.114.255.1
ip route 192.168.4.0 255.255.255.0 10.114.255.1
ip route 192.168.5.0 255.255.255.0 10.114.255.1
ip route 192.168.6.0 255.255.255.0 10.114.255.1
ip route 192.168.7.0 255.255.255.0 10.114.255.1
ip route 192.168.10.0 255.255.255.0 10.114.255.1
ip route 192.168.11.0 255.255.255.0 10.114.255.1
ip route 192.168.11.16 255.255.255.240 10.114.255.1
ip route 192.168.50.0 255.255.255.0 10.10.0.1
ip route 200.10.10.0 255.255.255.248 10.10.0.1
!
ip access-list extended engi-data-acl
permit ip host 197.155.206.22 host 197.155.192.226
ip access-list extended inet-acl
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 10.230.10.0 0.0.0.255 any
permit ip 10.230.20.0 0.0.0.255 any
permit ip 10.230.30.0 0.0.0.255 any
permit ip 10.200.10.0 0.0.0.255 any
permit ip 10.114.255.0 0.0.0.255 any
permit ip 10.114.255.28 0.0.0.3 any
permit ip 10.10.10.0 0.0.0.7 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.3 any
permit ip 10.10.1.0 0.0.0.3 any
permit ip 10.230.90.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.15 any
permit ip 192.168.11.16 0.0.0.15 any
permit ip 192.168.11.32 0.0.0.15 any
permit ip 192.168.11.48 0.0.0.15 any
permit ip 192.168.11.64 0.0.0.15 any
permit ip 192.168.11.80 0.0.0.15 any
permit ip 192.168.11.96 0.0.0.15 any
permit ip 192.168.11.112 0.0.0.15 any
permit ip 192.168.11.128 0.0.0.15 any
permit ip 192.168.90.0 0.0.0.255 any
permit ip 192.168.50.0 0.0.0.255 any
permit ip 10.115.255.0 0.0.0.255 any
permit ip 200.10.10.0 0.0.0.7 any
!
!
!
access-list 1 permit any
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 15 permit 192.168.50.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 1723
access-list 105 permit tcp host 197.155.193.201 any eq www
access-list 106 permit tcp any host 197.155.193.201 eq www
access-list 107 permit tcp host 197.155.193.201 host 200.10.10.2 eq www
access-list 108 permit tcp host 200.10.10.2 host 197.155.193.201 eq www
access-list 109 permit tcp host 197.155.193.201 any eq 8080
access-list 110 permit tcp any host 197.155.193.201 eq 8080
access-list 111 permit tcp host 197.155.193.201 host 200.10.10.2 eq 8080
access-list 112 permit tcp host 200.10.10.2 host 197.155.193.201 eq 8080
!

paul.driver
Level 1

Hello


@Ntsele Edison Lechesa wrote:
... But now I want to NAT one public routed IP to our internal webserver on a different block through the same physical interface


ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389 < -- no such interface
ip nat inside source static tcp 10.200.10.7 1723 interface GigabitEthernet0/0.366 1723 < -- no such interface
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload < -- no acl 15


ip nat inside source static 192.168.0.7 197.155.193.202 <  Working static
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload <  Working PAT

ip nat inside source static 200.10.10.2 interface GigabitEthernet0/0/0.200 < is this the host ip not working?

Can you confirm whether 200.10.10.2 is reachable externally? Otherwise the NAT will not work.

Yes, it is reachable!

 

Hello
Apologies, I meant internally, so I assume it is reachable as I do see a static route for it, but I also see an ACE entry for that subnet in the dynamic PAT ACL?

As such, as it is a web server, make the PAT statement more specific, and negate the host from that PAT ACL.

sh ip ip access-list extended inet-acl
ip access-list extended inet-acl
5 deny ip host 200.10.10.2 any
ip nat inside source static tcp 200.10.10.2  <port> interface GigabitEthernet0/0/0.200 <port>


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
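As an added example that is not part of this thread and not any poster's configuration, the Python script below lints NAT statements of the kind posted above for the three things raised in the two replies from paul.driver: a NAT statement that names an interface the config never defines (GigabitEthernet0/0.366), an overload statement whose ACL does not exist (list 15), and an inside host that is covered by a static translation and by the dynamic PAT ACL at the same time (200.10.10.2 matched by the 200.10.10.0 0.0.0.7 entry in inet-acl). The config it parses is a constructed excerpt modelled on the posted one, not the full config; the function names, the finding kinds and the with_pat_exclusion helper are my own, and the ACL grammar it understands is only the source half of permit/deny entries, which is all these checks need.

```python
"""Lint Cisco IOS NAT statements for undefined interface/ACL references and
for inside hosts selected by both a static NAT and a dynamic PAT ACL.
Added example; not the poster's config or any vendor tool."""
import ipaddress
from dataclasses import dataclass, field

# Constructed excerpt modelled on the config posted in the thread (not the full config).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip nat outside
interface GigabitEthernet0/1.201
 ip nat inside
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static 200.10.10.2 197.155.193.201
ip access-list extended inet-acl
 permit ip 192.168.0.0 0.0.0.255 any
 permit ip 200.10.10.0 0.0.0.7 any
"""


@dataclass
class NatConfig:
    interfaces: set = field(default_factory=set)
    acls: dict = field(default_factory=dict)     # name -> [(action, source_predicate)]
    static: list = field(default_factory=list)   # (line, inside_ip, interface_or_None)
    dynamic: list = field(default_factory=list)  # (line, acl_name, interface_or_None)


def _ace_source(tokens):
    """Tokens after permit/deny: optional protocol keyword, then 'any', 'host A' or 'A WILDCARD'.
    Returns a predicate on an integer IPv4 address (only the source is checked)."""
    if tokens[0] in ("ip", "tcp", "udp", "icmp"):
        tokens = tokens[1:]
    if tokens[0] == "any":
        return lambda addr: True
    if tokens[0] == "host":
        target = int(ipaddress.IPv4Address(tokens[1]))
        return lambda addr: addr == target
    base = int(ipaddress.IPv4Address(tokens[0]))
    keep = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[1]))  # wildcard 0-bits must match
    return lambda addr: (addr & keep) == (base & keep)


def parse_config(text):
    """Collect interfaces, ACLs and NAT statements; every other line is ignored."""
    cfg, current_acl = NatConfig(), None
    for raw in text.splitlines():
        t = raw.split()
        if not raw.startswith(" "):         # IOS indents ACL entries; a top-level line ends the ACL
            current_acl = None
        if not t or t[0] == "!":
            continue
        if current_acl and t[0].isdigit():  # sequence-numbered entry, e.g. "5 deny ip host ..."
            t = t[1:]
        if t[0] == "interface":
            cfg.interfaces.add(t[1])
        elif t[:2] == ["ip", "access-list"]:  # named ACL header; indented entries follow
            current_acl = t[3]
            cfg.acls.setdefault(current_acl, [])
        elif t[0] == "access-list":           # numbered ACL, one entry per line
            cfg.acls.setdefault(t[1], []).append((t[2], _ace_source(t[3:])))
        elif current_acl and t[0] in ("permit", "deny"):
            cfg.acls[current_acl].append((t[0], _ace_source(t[1:])))
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            rest = t[5:]
            if rest[0] in ("tcp", "udp"):     # static tcp INSIDE PORT (interface X | OUTSIDE) PORT
                inside, rest = rest[1], rest[3:]
            else:                             # static INSIDE (interface X | OUTSIDE)
                inside, rest = rest[0], rest[1:]
            cfg.static.append((raw.strip(), inside, rest[1] if rest[0] == "interface" else None))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            cfg.dynamic.append((raw.strip(), t[5], t[7] if t[6] == "interface" else None))
    return cfg


def acl_permits(aces, addr):
    """First matching entry wins; every ACL ends in an implicit deny."""
    for action, matches in aces:
        if matches(addr):
            return action == "permit"
    return False


def lint(text):
    """Return (kind, detail) findings in the order the checks run."""
    cfg, findings = parse_config(text), []
    for line, iface in [(l, i) for l, _, i in cfg.static] + [(l, i) for l, _, i in cfg.dynamic]:
        if iface and iface not in cfg.interfaces:
            findings.append(("undefined-interface", f"{iface} in: {line}"))
    for line, acl, _ in cfg.dynamic:
        if acl not in cfg.acls:
            findings.append(("undefined-acl", f"{acl} in: {line}"))
    for _, inside, _ in cfg.static:
        addr = int(ipaddress.IPv4Address(inside))
        for _, acl, _ in cfg.dynamic:
            if acl_permits(cfg.acls.get(acl, []), addr):
                findings.append(("static-in-pat-acl", f"{inside} has a static translation but ACL "
                                 f"{acl} also selects it for PAT; consider 'deny ip host {inside} any' first"))
    return findings


def with_pat_exclusion(text, acl_name, host):
    """Apply the change suggested in the reply above: deny HOST at the top of the named PAT ACL."""
    header = f"ip access-list extended {acl_name}\n"
    return text.replace(header, f"{header} 5 deny ip host {host} any\n")
```

Running lint(SAMPLE_CONFIG) yields three findings in this order: the undefined interface, the undefined ACL 15, and the 200.10.10.2 overlap. Applying with_pat_exclusion(SAMPLE_CONFIG, "inet-acl", "200.10.10.2") inserts the sequence-5 deny ahead of the permits, after which only the two undefined-reference findings remain; those are the ones to clean up first, since a NAT statement pointing at a non-existent interface or ACL never translates anything.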

Hi,
I have removed the subinterface and the configs are as follows:
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source static tcp 10.200.10.7 1723 interface GigabitEthernet0/0.366 1723
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list 105 interface GigabitEthernet0/0/0 overload
ip nat inside source list 106 interface GigabitEthernet0/0/0 overload
ip nat inside source list 107 interface GigabitEthernet0/0/0 overload
ip nat inside source list 108 interface GigabitEthernet0/0/0 overload
ip nat inside source list 109 interface GigabitEthernet0/0/0 overload
ip nat inside source list 110 interface GigabitEthernet0/0/0 overload
ip nat inside source list 111 interface GigabitEthernet0/0/0 overload
ip nat inside source list 112 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 200.10.10.2 80 197.155.193.201 80 extendable
ip nat inside source static tcp 200.10.10.2 8080 197.155.193.201 8080 extendable
ip nat inside source static 200.10.10.2 197.155.193.201
ip nat inside source static 192.168.0.7 197.155.193.202
ip route 0.0.0.0 0.0.0.0 197.155.206.21 name DEFAULT-ROUTE
ip route 10.10.1.0 255.255.255.252 10.114.255.1
ip route 10.114.255.0 255.255.255.0 10.114.255.1
ip route 10.114.255.8 255.255.255.252 10.114.255.1
ip route 10.114.255.28 255.255.255.252 10.114.255.1 name BHB_WAN
ip route 10.115.255.0 255.255.255.252 10.10.0.1
ip route 10.200.10.0 255.255.255.0 10.10.0.1
ip route 10.230.10.0 255.255.255.0 10.114.255.1
ip route 10.230.20.0 255.255.255.0 10.114.255.1
ip route 10.230.30.0 255.255.255.0 10.114.255.1
ip route 10.230.90.0 255.255.255.0 10.114.255.1
ip route 192.155.193.200 255.255.255.248 10.10.0.1
ip route 192.168.0.0 255.255.255.0 10.10.0.1
ip route 192.168.1.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.128 10.114.255.1
ip route 192.168.3.0 255.255.255.0 10.114.255.1
ip route 192.168.4.0 255.255.255.0 10.114.255.1
ip route 192.168.5.0 255.255.255.0 10.114.255.1
ip route 192.168.6.0 255.255.255.0 10.114.255.1
ip route 192.168.7.0 255.255.255.0 10.114.255.1
ip route 192.168.10.0 255.255.255.0 10.114.255.1
ip route 192.168.11.0 255.255.255.0 10.114.255.1
ip route 192.168.11.16 255.255.255.240 10.114.255.1
ip route 192.168.50.0 255.255.255.0 10.10.0.1
ip route 200.10.10.0 255.255.255.248 10.10.0.1
!
ip access-list extended engi-data-acl
permit ip host 197.155.206.22 host 197.155.192.226
ip access-list extended inet-acl
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 10.230.10.0 0.0.0.255 any
permit ip 10.230.20.0 0.0.0.255 any
permit ip 10.230.30.0 0.0.0.255 any
permit ip 10.200.10.0 0.0.0.255 any
permit ip 10.114.255.0 0.0.0.255 any
permit ip 10.114.255.28 0.0.0.3 any
permit ip 10.10.10.0 0.0.0.7 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.3 any
permit ip 10.10.1.0 0.0.0.3 any
permit ip 10.230.90.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.15 any
permit ip 192.168.11.16 0.0.0.15 any
permit ip 192.168.11.32 0.0.0.15 any
permit ip 192.168.11.48 0.0.0.15 any
permit ip 192.168.11.64 0.0.0.15 any
permit ip 192.168.11.80 0.0.0.15 any
permit ip 192.168.11.96 0.0.0.15 any
permit ip 192.168.11.112 0.0.0.15 any
permit ip 192.168.11.128 0.0.0.15 any
permit ip 192.168.90.0 0.0.0.255 any
permit ip 192.168.50.0 0.0.0.255 any
permit ip 10.115.255.0 0.0.0.255 any
!
!
!
access-list 1 permit any
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 15 permit 192.168.50.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 1723
access-list 105 permit tcp host 197.155.193.201 any eq www
access-list 106 permit tcp any host 197.155.193.201 eq www
access-list 107 permit tcp host 197.155.193.201 host 200.10.10.2 eq www
access-list 108 permit tcp host 200.10.10.2 host 197.155.193.201 eq www
access-list 109 permit tcp host 197.155.193.201 any eq 8080
access-list 110 permit tcp any host 197.155.193.201 eq 8080
access-list 111 permit tcp host 197.155.193.201 host 200.10.10.2 eq 8080
access-list 112 permit tcp host 200.10.10.2 host 197.155.193.201 eq 8080

Remember 200.10.10.2 is an internal IP for the webserver.

Hello,

What default gateway is the web server (with IP address 200.10.10.2) using?