
Routed Public IP addresses failing to NAT on one physical interface

I have a Cisco router (CISCO2901/K9) configured to NAT the internal network on a single physical interface with WAN IP 197.155.206.22/30 to the ISP on 197.155.206.21/30, and it works fine for that. But now I want to NAT one public routed IP to our internal webserver on a different block through the same physical interface. When NAT-ed, it fails to hit the webserver from the router itself. I have tried to route it through the same physical interface with the secondary IP of the routed block and also tried a subinterface without success. Can anyone please help?

16 Replies

Default gateway is 200.10.10.1

 

Additional Information:

crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp key kkf,dfns45RW address 196.202.240.130
!
!
crypto ipsec transform-set engi-data-set esp-aes 256 esp-sha-hmac
mode tunnel
!
!
!
crypto map VPN-MAP 1 ipsec-isakmp
set peer 196.202.240.130
set security-association lifetime kilobytes 20480
set security-association lifetime seconds 28800
set transform-set engi-data-set
match address engi-data-acl
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description connect-ISP-MPLS-PE
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.770
description connect-ISP-MPLS-PE
encapsulation dot1Q 770
ip address 10.114.255.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description connect-OFFICE
ip address 10.10.0.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
description connect-ISP-INET-PE
ip address 197.155.206.22 255.255.255.252
ip nat outside
ip virtual-reassembly in max-reassemblies 64 timeout 5
duplex auto
speed auto
crypto map VPN-MAP
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
peer default ip address pool pptppool
no keepalive
ppp authentication ms-chap ms-chap-v2
!
ip local pool pptppool 192.168.90.10 192.168.90.100
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source static tcp 10.200.10.7 1723 interface GigabitEthernet0/0.366 1723
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list 105 interface GigabitEthernet0/0/0 overload
ip nat inside source list 106 interface GigabitEthernet0/0/0 overload
ip nat inside source list 107 interface GigabitEthernet0/0/0 overload
ip nat inside source list 108 interface GigabitEthernet0/0/0 overload
ip nat inside source list 109 interface GigabitEthernet0/0/0 overload
ip nat inside source list 110 interface GigabitEthernet0/0/0 overload
ip nat inside source list 111 interface GigabitEthernet0/0/0 overload
ip nat inside source list 112 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 200.10.10.2 80 197.155.193.201 80 extendable
ip nat inside source static tcp 200.10.10.2 8080 197.155.193.201 8080 extendable
ip nat inside source static 200.10.10.2 197.155.193.201
ip nat inside source static 192.168.0.7 197.155.193.202
ip route 0.0.0.0 0.0.0.0 197.155.206.21 name DEFAULT-ROUTE
ip route 10.10.1.0 255.255.255.252 10.114.255.1
ip route 10.114.255.0 255.255.255.0 10.114.255.1
ip route 10.114.255.8 255.255.255.252 10.114.255.1
ip route 10.114.255.28 255.255.255.252 10.114.255.1 name BHB_WAN
ip route 10.115.255.0 255.255.255.252 10.10.0.1
ip route 10.200.10.0 255.255.255.0 10.10.0.1
ip route 10.230.10.0 255.255.255.0 10.114.255.1
ip route 10.230.20.0 255.255.255.0 10.114.255.1
ip route 10.230.30.0 255.255.255.0 10.114.255.1
ip route 10.230.90.0 255.255.255.0 10.114.255.1
ip route 192.155.193.200 255.255.255.248 10.10.0.1
ip route 192.168.0.0 255.255.255.0 10.10.0.1
ip route 192.168.1.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.0 10.114.255.1
ip route 192.168.2.0 255.255.255.128 10.114.255.1
ip route 192.168.3.0 255.255.255.0 10.114.255.1
ip route 192.168.4.0 255.255.255.0 10.114.255.1
ip route 192.168.5.0 255.255.255.0 10.114.255.1
ip route 192.168.6.0 255.255.255.0 10.114.255.1
ip route 192.168.7.0 255.255.255.0 10.114.255.1
ip route 192.168.10.0 255.255.255.0 10.114.255.1
ip route 192.168.11.0 255.255.255.0 10.114.255.1
ip route 192.168.11.16 255.255.255.240 10.114.255.1
ip route 192.168.50.0 255.255.255.0 10.10.0.1
ip route 200.10.10.0 255.255.255.248 10.10.0.1
!
ip access-list extended engi-data-acl
permit ip host 197.155.206.22 host 197.155.192.226
ip access-list extended inet-acl
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 10.230.10.0 0.0.0.255 any
permit ip 10.230.20.0 0.0.0.255 any
permit ip 10.230.30.0 0.0.0.255 any
permit ip 10.200.10.0 0.0.0.255 any
permit ip 10.114.255.0 0.0.0.255 any
permit ip 10.114.255.28 0.0.0.3 any
permit ip 10.10.10.0 0.0.0.7 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.3 any
permit ip 10.10.1.0 0.0.0.3 any
permit ip 10.230.90.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.15 any
permit ip 192.168.11.16 0.0.0.15 any
permit ip 192.168.11.32 0.0.0.15 any
permit ip 192.168.11.48 0.0.0.15 any
permit ip 192.168.11.64 0.0.0.15 any
permit ip 192.168.11.80 0.0.0.15 any
permit ip 192.168.11.96 0.0.0.15 any
permit ip 192.168.11.112 0.0.0.15 any
permit ip 192.168.11.128 0.0.0.15 any
permit ip 192.168.90.0 0.0.0.255 any
permit ip 192.168.50.0 0.0.0.255 any
permit ip 10.115.255.0 0.0.0.255 any
permit ip 200.10.10.0 0.0.0.7 any
!
!
!
access-list 1 permit any
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 15 permit 192.168.50.0 0.0.0.255
access-list 101 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 1723
access-list 105 permit tcp host 197.155.193.201 any eq www
access-list 106 permit tcp any host 197.155.193.201 eq www
access-list 107 permit tcp host 197.155.193.201 host 200.10.10.2 eq www
access-list 108 permit tcp host 200.10.10.2 host 197.155.193.201 eq www
access-list 109 permit tcp host 197.155.193.201 any eq 8080
access-list 110 permit tcp any host 197.155.193.201 eq 8080
access-list 111 permit tcp host 197.155.193.201 host 200.10.10.2 eq 8080
access-list 112 permit tcp host 200.10.10.2 host 197.155.193.201 eq 8080
!
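An added example, not part of the original thread: a small Python check that cross-references the `ip nat inside source` statements in an IOS config excerpt against the interfaces and ACLs the same excerpt defines. The function name `audit_nat` is hypothetical and the sample input is a shortened copy of lines from the config posted above; run against that config, it reports the static entries that point at GigabitEthernet0/0.366, a subinterface the excerpt does not define.

```python
import re

# Shortened copy of lines from the config posted above (sample input for this example).
SAMPLE = """\
interface GigabitEthernet0/0.770
 ip nat inside
interface GigabitEthernet0/1
 ip nat inside
interface GigabitEthernet0/0/0
 ip nat outside
ip nat inside source static tcp 10.200.10.10 3389 interface GigabitEthernet0/0.366 3389
ip nat inside source list 15 interface GigabitEthernet0/0/0 overload
ip nat inside source list inet-acl interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 200.10.10.2 80 197.155.193.201 80 extendable
ip access-list extended inet-acl
 permit ip 200.10.10.0 0.0.0.7 any
access-list 15 permit 192.168.50.0 0.0.0.255
"""

def audit_nat(config):
    """Return (name, problem, rule) tuples for NAT rules with a missing interface or ACL."""
    nat_role = {}    # interface name -> 'inside', 'outside' or None
    acls = set()     # names/numbers of ACLs defined in the excerpt
    current = None   # interface whose sub-commands are being read
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for line in lines:
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            nat_role[current] = None
        elif (m := re.match(r"ip nat (inside|outside)$", line)) and current:
            nat_role[current] = m.group(1)
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            acls.add(m.group(1))
    findings = []
    for line in lines:
        if not line.startswith("ip nat inside source "):
            continue
        if m := re.search(r" interface (\S+)", line):
            ifc = m.group(1)
            if ifc not in nat_role:
                findings.append((ifc, "interface not defined", line))
            elif nat_role[ifc] != "outside":
                findings.append((ifc, "interface is not 'ip nat outside'", line))
        if (m := re.search(r" source list (\S+)", line)) and m.group(1) not in acls:
            findings.append((m.group(1), "ACL not defined", line))
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE): print(finding)
```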