Port Forwarding via Service Provider Network (Reposted in 'Routing')

Driftshin
Level 1

This is the scenario. I'm on a LAN that gets its Internet connectivity via a MAN. I have autonomy over my LAN, but data gets routed through the provider's MPLS network out their public addresses. Now I have an application called ODK Aggregate, running on port 80 at IP address 10.2.1.51, that I need to be accessible from the Internet. My inside host is 10.2.1.1, while the outside address is 172.23.1.2 and the public address is 41.222.1.2. Were I directly connected to the Internet, I figure the configuration would be straightforward. This is my NAT configuration:

ip nat inside source static tcp 10.2.1.51 80 interface GigabitEthernet0/0/0.1 80

ip nat outside source static tcp 172.23.1.2 80 41.222.1.2 80 extendable

 

This, however, is not working for me. When I try to access the host from outside my network and look at the NAT translations, I can see the public address of the device I'm accessing from. What am I doing wrong? See the attached logical diagram: ODK Aggregate Diagram.png

2 Replies

Hello,

Can you post the output of 'show ip nat translations *' as well as the output of 'show ip route' from your Router0?

This is minus any access traffic:

Pro Inside global      Inside local       Outside local      Outside global
tcp ---                ---                41.222.1.2:80      172.23.1.2:80
tcp 172.23.1.2:80      10.2.1.51:80       ---                ---

 

This is when I try to access 41.222.1.2 from my inside machine 10.2.1.52:

Pro Inside global      Inside local       Outside local      Outside global
tcp ---                ---                41.222.1.2:80      172.23.1.2:80
tcp 172.23.1.2:80      10.2.1.51:80       10.2.1.52:51926    10.2.1.52:51926
tcp 172.23.1.2:80      10.2.1.51:80       10.2.1.52:51927    10.2.1.52:51927
tcp 172.23.1.2:80      10.2.1.51:80       10.2.1.52:51930    10.2.1.52:51930
tcp 172.23.1.2:80      10.2.1.51:80       ---                ---
tcp 10.2.1.52:51926    10.2.1.52:51926    41.222.1.2:80      172.23.1.2:80
tcp 10.2.1.52:51927    10.2.1.52:51927    41.222.1.2:80      172.23.1.2:80
tcp 10.2.1.52:51930    10.2.1.52:51930    41.222.1.2:80      172.23.1.2:80

 

Looks like the host I'm accessing from ends up becoming the outside local, inside global and inside local. Strange.
