
Configure public IP traffic from internal network to internal network itself and not to external network

As of now, server A is accessible from the external network by accessing it using the below-mentioned IP and port in an HTTP browser:
http://x.x.x.x:8080

For the same, we have configured port forwarding (static NAT) in the Cisco 1905 ISR.

Also, from the internal network the application is accessible via the internal IP and port (i.e. http://y.y.y.y:8080)

Is there any way I can configure my Cisco 1905 so that from the internal network (i.e. from machine B) I can access the application using the public IP and port and not the internal IP? As of now I am not able to do the same.

The current configurations are as shown below:
access-list 1 permit y.y.y.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

 

Accepted Solutions
VIP Mentor

Hello

You can try domainless NAT.

! Remove the existing inside-source NAT rules
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

! On each interface, remove the NAT role and enable NAT without a domain
int gig0/0
no ip nat inside
ip nat enable

int gig0/1
no ip nat inside
ip nat enable

! Re-create the same rules without the "inside" keyword
ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

 

res

Paul

kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future



Hi Paul,

Thank you for the commands. But still, will the router (Cisco 1905 ISR - IOS v15.4) be able to accept the command "ip nat enable", coz I couldn't find the same apart from the command options "ip nat outside" and "ip nat inside". Is this command (ip nat enable) limited to a set of IOS versions?

Also, in case of doing the above configuration, will it affect the internet connectivity of the inside network, which is NATed and routed to the external network using the default route and the "ip nat inside/outside" command?

Thanks,

Thomas


Hello

Yes, domainless NAT is IOS version specific (but I've not checked what version is applicable).

Also yes it will cause an outage to change to this variant of NAT.

 

res

Paul




Hi Paul,

The above mentioned configurations worked successfully. Thanks a lot for providing the exact path.

Also at the same time, it would be great if you could share the real concept of this, how it works while comparing it with the conventional NAT.

 

Thanks,

Thomas 


Hello

Thanks for the rating

 

Please review this: http://blog.ine.com/tag/nat/

 

 

res

Paul




Hello Paul,

 

I have the same issue and I have tried the suggested configuration with no luck.

Thomas said the commands worked for him; however, for me it looks a little strange. More precisely, I see your suggested command for Gig0/0 is "no ip nat inside". I assume the correct command is "no ip nat outside" (which I actually used in my scenario) since this is the external interface.

After using the suggested configuration, I see no change in router behavior. I can still access the "internal services of y.y.y.y" from the Internet using the x.x.x.x public address, and I can also access y.y.y.y from the LAN. I still can't access the services from the LAN by using the public x.x.x.x address.

Any suggestions?

Thomas, maybe you can help by posting your router config as displayed by the sho run command (of course without any confidential parameters...)

Now, my config looks like this (full config attached):

interface GigabitEthernet0/0
 ip address *********
 ip nat enable
 duplex auto
 speed auto

interface Vlan1
 ip address *******
 ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload

ip nat source static tcp 192.168.1.252 80 interface GigabitEthernet0/0 80

 

 

 

Not sure how this works, but I managed to solve the issue by adding the "no ip redirects" line on each interface (external/internal).


I have no luck either. My configuration looks like this:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

x.100.1.202 can't ping & RDP to x.223.40.155. What should I do?

 

Thank you very much.
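
A check for the half-migrated state discussed in this thread, added here as an example (it is not code from any poster or from Cisco): it scans a running-config excerpt for leftover "ip nat inside"/"ip nat outside" roles and "ip nat inside source" rules next to "ip nat enable", and for NAT-enabled interfaces missing the "no ip redirects" line one poster reported needing. The function name audit_nvi, the sample config and its addresses are constructed for illustration.

```python
import re

# Constructed running-config excerpt, modelled on the configs posted in this thread.
# Addresses are documentation/private ranges, not values from the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip nat enable
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat enable
 no ip redirects
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 192.168.1.252 8080 interface GigabitEthernet0/0 8080
"""

LEGACY_IF = {"ip nat inside", "ip nat outside"}

def audit_nvi(config):
    """Return (scope, finding) pairs for a config only partly moved to domainless NAT."""
    findings, iface, per_if = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0] != " ":                      # global line: leaves interface scope
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
            if iface:
                per_if[iface] = set()
            elif re.match(r"ip nat (inside|outside) source ", line):
                findings.append(("global", "legacy rule: " + line))
        elif iface:
            per_if[iface].add(line)
    for name, cmds in per_if.items():
        for cmd in sorted(cmds & LEGACY_IF):
            findings.append((name, "legacy role still set: " + cmd))
        if "ip nat enable" in cmds and "no ip redirects" not in cmds:
            findings.append((name, "NAT enabled without 'no ip redirects'"))
    return findings

if __name__ == "__main__":
    for scope, msg in audit_nvi(SAMPLE):
        print(f"{scope}: {msg}")
```
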
