Solved: HelloYes domainlees nat is

Thomas Panicker · ‎05-28-2014

As of now server A is accesible from external network accessing it using the below mentioned IP and port in http browser
http://x.x.x.x:8080

For the same we have configured port forwarding (static NAT) in the cisco 1905 ISR.

Also from internal network the application is accessible via internal IP and port (ie. http://y.y.y.y:8080)

Is there any way I can configure my Cisco 1905 so that from internal network (ie. from machine B) I can access the application using public IP and port and not with the internal IP ? As of now I am not able to do the same.

The current configurations are as shown below:
access-list 1 permit y.y.y.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

paul driver · ‎05-28-2014

Hello

You can try Domainless Nat .

no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

int gig0/0
no ip nat inside
ip nat enable

int gig0/1
no ip nat inside
ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

paul driver · ‎05-28-2014

Hello

You can try Domainless Nat .

no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

int gig0/0
no ip nat inside
ip nat enable

int gig0/1
no ip nat inside
ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thomas Panicker · ‎05-28-2014

Hi Paul,

Thank you for the commands. But still, will the router (Cisco 1905 ISR - IOS v15.4) be able to accept the command "ip nat enable", coz i couldn't find the same apart from the command options "ip nat outside" and "ip nat inside". Is this command (ip nat enable) limited to a set of IOS versions ?

Also in case of doing the above configuration will it affect the internet connectivity of inside network, which is nated and routed to the external network using default route and "ip nat inside/outside" command.

Thanks,

Thomas

paul driver · ‎05-28-2014

Hello

Yes domainlees nat is ios version specific ( but Ive not checked what version is applicable)

Also yes it will cause an outage to change to this variant of NAT.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thomas Panicker · ‎05-29-2014

Hi Paul,

The above mentioned configurations worked successfully. Thanks a lot for providing the exact path.

Also at the same time, it would be great if you could share the real concept of this, how it works while comparing it with the conventional NAT.

Thanks,

Thomas

paul driver · ‎05-29-2014

Hello

Thanks for the rating

please review this http://blog.ine.com/tag/nat/

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Claudiu Negut · ‎09-16-2014

Hello Paul,

I have the same issue and I have tried the suggested configuration with no luck.

Thomas said the commands worked for him however for me it looks a little strange. More precisely, I see your suggested command for Gig0/0 is "no ip nat inside". I assume the correct command is "no ip nat outside" (which I actually used in my scenario) since this is the external interface.

After using the suggested configuration, i see no change in router behavior. I can still access the "internal services of y.y.y.y" from Internet using the x.x.x.x public address and also i can access y.y.y.y from LAN. Still i can't access the services from LAN by using the public x.x.x.x address.

Any sugestions?

Thomas, maybe you can help by posting your router config as displayed by sho run command (ofcourse without any confidential parameters...)

now, my config looks like (full config attached):

interface GigabitEthernet0/0
ip address *********
ip nat enable
duplex auto
speed auto

interface Vlan1
ip address *******
ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload

ip nat source static tcp 192.168.1.252 80 interface GigabitEthernet0/0 80

not sure how this works but i manage to solve the issue by adding on each interface (external/internal) the "no ip redirects" line

ปลาวาฬทราย RMUTT CPE IX · ‎06-17-2019

I'm no luck too. My configuration looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

Thank you very much.

Thomas Panicker · ‎05-28-2014

Configure public IP traffic from internal network to internal network itself and not to external network