cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1211
Views
0
Helpful
0
Replies

Accessing public IP on private network with NAT NVI

jaseeeeeey
Level 1
Level 1

Hi,

I have been trying to configure static NAT on my network using a Cisco 1841 and slowly making progress. However, I am slightly stuck as I am unable to ping my public IP addresses on my internal network when using a static NAT. I have no problems at all when using a secondary IP interface and giving my server a public IP. I would prefer to use static NAT for my servers rather than assigning them public IP addresses as this wastes IP addresses due to the requirement of a gateway and network address aswell.

My configuration is as follows:

===

Router(config)#do show run

Building configuration...

Current configuration : 1657 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip cef

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

ip name-server 8.8.4.4

ip name-server 8.8.8.8

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

description Local Network

ip address 101.202.84.185 255.255.255.248 secondary

ip address 172.16.1.254 255.255.255.0

ip nat enable

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Public Network

no ip address

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface ATM0/0/0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat enable

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname ********

ppp chap password 0 ********

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no ip http server

no ip http secure-server

ip nat source list ACL_NAT_LAN interface Dialer1 overload

ip nat source static 172.16.1.102 101.202.84.187

!

ip access-list extended ACL_NAT_LAN

permit ip 172.16.1.0 0.0.0.255 any

!

!

!

control-plane

!

!

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

When I assign 101.202.84.186 to my server NIC, I am able to access it from anywhere in the world including my internal network host of 172.16.1.1. However, if I try to access 101.202.84.187 as per this configuration, I am only able to access it from the outside world and not my host of 172.16.1.1.

If I remove the secondary IP from the Fa0/0 interface, then the IP of 101.202.84.187 is accessible on the internal network, but not outside of the network, and nor can the server of 172.16.1.102 access anything outside of the network.

Any advice or a nudge in the right direction would be much appreciated.

Kind Regards,

Jason.

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: