
Port Forwarding on a Cisco 1700 Router

coppertrail
Level 1

I'm working with a Cisco 1700 Router. I need to establish some static port mappings. I am able to telnet into the router, can enter enable mode, and then conf mode.

My question is: How do I add a static port mapping. From the research I've done, I need to use the following command:

ip nat inside source static tcp 10.0.0.8 80 10.17.214.6 200 extendable

The reason I'm using port 200 for the outside IP is because I have 2 mappings that are going to port 80 to two different machines in the inside.

I've tried to enter the command from config mode, but it's not showing up in the config after I run the sh conf command.

Thank you in advance . . .

24 Replies

Edison Ortiz
Hall of Fame

The command worked here. Can you post the router config ?

Here's the router config, public info modified . . .

The config looks fine and as you said the command you typed in your original post is missing. However, I see the external IP address pool is outside the range you stated originally.

I understand you changed the IP addresses to protect your network but if you can make it somewhat consistent (between your original post and the config posted) it will surely help.

When typing the command you stated, do you get any error ? Did you check the log by typing 'show log' ?

Sorry about that, here's the modified config. The only info that has been modified are the ISP IP Addresses and the ISP DNS servers.

The inside and outside local remain unchanged.

Chris,

The config looks good. Again, do you get any error when you enter the command

ip nat inside source static tcp 10.0.0.8 80 10.17.214.6 200 extendable

Also, is this the intended outside IP?

I don't see this as part of the multilink interface nor the LAN pool.

Can you explain ?

However, even if it isn't part of any of the interfaces, the command should remain in the config.

Have you tried rebooting the router and then entering the command?

I've tried this command in about 3 routers with/without NAT running on them and the command was in the config.

Very strange.

I submitted another post with my error, see my Sep 3, 2006, 2:54pm PST post for the exact syntax.

Here's what I want to do: Open a browser from home and http:// to 2 machines behind the router, 2 machines with 10.0.0.x addresses. Please advise if my syntax is wrong based on my config. Do I need to specify an interface in the ip nat command? Thank you again for your help and patience.

Can you check you enter

ip nat inside source static tcp 10.0.0.8 80 10.17.214.6 200 extendable

when you are in config mode. Only the term monitor command needs to be entered while you are in privileged mode in your case.

Please let us know if it works

Regards

Shaheen

Hi

The command to translate HTTP requests for your public IP to your non-registered private IP address is as follows:

ip nat inside source static tcp [private ip add] [port number] [public ip add] [port number] extendable

Make sure you are testing from some other network while you are testing your configuration, and that your server is hearing the request on port number 2001 [or whatever you want], not on port number 80.

Also check that you have configured a permit for the same port number in your ACL config.

Thanks,

Dhaval Tandel

Here is what I get when I enter the command above:

User Access Verification

Username: admin

Password:

WRPM_1720>enable

Password:

WRPM_1720#terminal monitor

WRPM_1720#$ip nat inside source static tcp 10.0.0.8 80 203.52.204.226 2000 extendable

^

% Invalid input detected at '^' marker.

WRPM_1720#

(Public IP has been modified)

As you can see, I receive the "Invalid input detected" error when I enter the command. This is the error I've been getting since I've been trying to do this. Now, I'm doing this remotely through a telnet session from the outside. Would this have any bearing on my not being able to enter the command?

It doesn't matter where you do the configuration from.

In my opinion, terminal monitor is not required here. Do the configuration in global configuration mode, not privileged mode. Just try the given command in configuration mode, and try disabling the ACL on your public interface with the 'no ip access-group ACL NUMBER in' command, just for testing, because any ACL can restrict you from doing this.

Try it and let us know if you are done.

regards

Dhaval Tandel

Well, some good news. In the config file there is the following static mappings:

ip nat inside source static 10.0.0.1 206.57.201.219

ip nat inside source static 10.0.0.2 206.57.201.220

ip nat inside source static 10.0.0.3 206.57.201.218

When I remotely enter http://206.57.201.218, it passes me onto the internal 10.0.0.3's web page. So, it appears that static mapping is already in place. My intuition is telling me I need to create a port mapping as above, but with the following information:

ip nat inside source static 10.0.0.8 206.57.201.217

When I remotely ping the .217 address, I get the following:

Pinging 206.57.201.217 with 32 bytes of data:

Reply from 10.17.21.1: TTL expired in transit.

Reply from 10.17.21.1: TTL expired in transit.

Reply from 10.17.21.1: TTL expired in transit.

Reply from 10.17.21.2: TTL expired in transit.

Ping statistics for 206.57.201.217:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

That said, the .217 address is in the pool, and I can map a port to 10.0.0.8 from it.

Again, since the IP NAT commands are working from your end, I'm starting to think I need to be consoled into the router via a cable in order to get these commands to work.

Yes,

I agree with your intuition for port mapping. That's what the following command does.

ip nat inside source static tcp [private ip add] [port number] [public ip add] [port number] extendable

What this command does is: the request coming to your public IP address for port number 80 [which is for web servers by default] will be translated to your given private IP address [where your web server is configured] for port number 80, and the router will note the translation table entry for that, which helps when your web server responds to the requesting client accessing the web server.

You can say static NAT translates the IP address entirely, while port mapping translates only the requested port number.

regards

Dhaval tandel

The steps should be:

Username: admin

Password:

WRPM_1720>enable

Password:

WRPM_1720#conf t

WRPM_1720(config)#$ip nat inside source static tcp 10.0.0.8 80 203.52.204.226 2000 extendable

WRPM_1720#exit

The configuration is good and you can go with this configuration, but it is better to use the same port number, like 80. If you want the web server to listen on a non-standard port, you also have to do the configuration on your web server too, because by default the web server on any server listens on standard ports like 80, 8080, and 445. So if you want to use port number 2000, then you have to configure the same on your server too.

Let me know if you are done.

Regards,

Dhaval Tandel
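
An added example, not part of any post in this thread: a short Python audit that parses `ip nat inside source static` lines in the two forms discussed above and reports one-to-one mappings (which forward every port to the inside host) and port mappings where two inside hosts claim the same outside address and port. The sample config is constructed from addresses in the thread; the 10.0.0.9 host and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: the first line appears in the thread, the rest are
# constructed to show a collision and the "different outside port" fix.
SAMPLE_CONFIG = """\
ip nat inside source static 10.0.0.3 206.57.201.218
ip nat inside source static tcp 10.0.0.8 80 206.57.201.217 80 extendable
ip nat inside source static tcp 10.0.0.9 80 206.57.201.217 80 extendable
ip nat inside source static tcp 10.0.0.9 80 206.57.201.217 200 extendable
"""

def parse_static_nat(config):
    """Return one dict per static NAT line (one-to-one or port mapping)."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue
        args = [t for t in tok[5:] if t != "extendable"]
        if len(args) == 5 and args[0] in ("tcp", "udp"):
            proto, lip, lport, gip, gport = args
            entries.append({"proto": proto, "local": (lip, int(lport)),
                            "global": (gip, int(gport))})
        elif len(args) == 2:
            # One-to-one form: no protocol or ports, whole address translated.
            entries.append({"proto": "any", "local": (args[0], None),
                            "global": (args[1], None)})
    return entries

def audit(entries):
    """Flag full-host exposure and outside ip:port claimed by two hosts."""
    findings = []
    claimed = defaultdict(set)
    for e in entries:
        gip, gport = e["global"]
        if gport is None:
            findings.append(("full-host", gip, e["local"][0]))
        else:
            claimed[(e["proto"], gip, gport)].add(e["local"])
    for key, locals_ in claimed.items():
        if len(locals_) > 1:
            findings.append(("collision", key, sorted(locals_)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_static_nat(SAMPLE_CONFIG)):
        print(finding)
```

Each outside address and port that survives the audit still needs a matching permit in the inbound ACL on the public interface, as one reply notes.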