Thank you, Cadet Alain.

One more question: I have two subinterfaces on the router's inside interface (GigabitEthernet0/1) configured this way:

interface GigabitEthernet0/1.X

encapsulation dot1Q X

ip address 192.168.X.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/1.Z

encapsulation dot1Q Z

ip address 192.168.Z.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

How to configure them using your method?

Hi,

to use NVI just replace ip nat inside and ip nat outside by ip nat enable

Regards.

Alain

Don't forget to rate helpful posts.

First attempt failed. Using "old school method" to perform NAT (NAT Inside/Outside) networks connected via GigabitEthernet0/1 interface (and subinterfaces) are automatically routed. (Command "show ip route" lists networks connected to the router and there's no need to configure routes.)

Using your method to perform NAT enables NVI interface (NVI0) on the router. I rolled back to the previous configuration and mention that: NVI0 interface is up (how to shut it down?) and there is no output for command "show ip nat translations".

Maybe I should read more about using NAT and NVI.

Help me, please. Question: I have a website located on my LAN, I have a router inbetween WAN and LAN, I want make the website accessible from WAN.

Router's config:

Current configuration : 2252 bytes

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname edge

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

no ipv6 cef

!

ip domain name sphti.ru

ip cef

multilink bundle-name authenticated

!

license udi pid CISCO2951/K9 sn FCZ162920ED

!

username privilege 15 password 7

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 46.45.33.4 255.255.255.128

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 192.168.112.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1.111

encapsulation dot1Q 111

ip address 192.168.111.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/1.113

encapsulation dot1Q 113

ip address 192.168.113.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat translation timeout 600

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 46.45.33.1

!

access-list 1 permit 192.168.111.0 0.0.0.255

access-list 1 permit 192.168.112.0 0.0.0.255

access-list 1 permit 192.168.113.0 0.0.0.255

!

control-plane

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login local

transport input ssh

line vty 5 15

no login

transport input none

!

scheduler allocate 20000 1000

!

end

Web-server's network config:

IP Address: 192.168.112.17

Netmask: 255.255.255.0

DNS: 192.168.112.2

Gateway: 192.168.112.254

How finally to configure the router? Help me, please!

One spare address means that I should configure router's outside (WAN) interface with secondary IP address, right?

Thank you, Abzal Sembay! Everything's allright now!