Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2823
Views
35
Helpful
21
Replies

Port Forwarding Web server

yarafat2010
Level 1
Level 1

ā€Ž11-05-2021 08:51 AM

i have a web application server which i am trying to access on the internet

private Ip : 192.168.1.x

public ip : 42.11.100.x ( this is one of the subnet ip of public IP)

Performed quick configuration wizard on my sonicwall firewall to create a web server.

and then i have performed IP nat on my cisco router

ip nat inside source 192.168.1.x 42.11.100.x extendable

int fe0/1 - ip nat inside (lan)

int fe0/2 ip nat outside (wan)

after this when trying to access the subnetted Ip 42.11.100.x outside, No result.

but on my LAN network, if i use this public IP , i can access the web App.

Can anyone please help , how i can make it work globally.

Note: I have sonicwall firwall behind the cisco router.

Labels:
0 Helpful
21 Replies 21

yarafat2010
Level 1
Level 1
In response to balaji.bandi

ā€Ž11-06-2021 12:54 AM

Hi , please check

 

 

interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.2131
description "DIA WAN"
encapsulation dot1Q 2131
ip address 42.11.100.26 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet4.2132
description "SIP WAN"
encapsulation dot1Q 2132
ip address 10.64.18.6 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface Vlan1
description "DIA LAN"
ip address 42.11.100.60 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description "SIP LAN"
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet4.2131 overload
ip nat inside source list 20 interface FastEthernet4.2132 overload
ip nat inside source static udp 192.168.3.2 5060 interface FastEthernet4.2132 5060
ip nat inside source static tcp 192.168.1.21 1723 interface FastEthernet4.2131 1723
ip nat inside source static tcp 192.168.1.10 8100 42.11.100.57 8100 extendable
ip nat inside source static 192.168.1.10 42.11.100.57 extendable
ip route 0.0.0.0 0.0.0.0 42.11.100.25
ip route 94.70.210.70 255.255.255.255 10.63.15.5
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.3.0 0.0.0.255
!

0 Helpful

Georg Pauwen
VIP
VIP

ā€Ž11-05-2021 02:42 PM

Hello,

 

post the full running configuration of your router. 

0 Helpful

yarafat2010
Level 1
Level 1
In response to Georg Pauwen

ā€Ž11-06-2021 12:53 AM

Hi , please check

interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.2131
description "DIA WAN"
encapsulation dot1Q 2131
ip address 42.11.100.26 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet4.2132
description "SIP WAN"
encapsulation dot1Q 2132
ip address 10.64.18.6 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface Vlan1
description "DIA LAN"
ip address 42.11.100.60 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description "SIP LAN"
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet4.2131 overload
ip nat inside source list 20 interface FastEthernet4.2132 overload
ip nat inside source static udp 192.168.3.2 5060 interface FastEthernet4.2132 5060
ip nat inside source static tcp 192.168.1.21 1723 interface FastEthernet4.2131 1723
ip nat inside source static tcp 192.168.1.10 8100 42.11.100.57 8100 extendable
ip nat inside source static 192.168.1.10 42.11.100.57 extendable
ip route 0.0.0.0 0.0.0.0 42.11.100.25
ip route 94.70.210.70 255.255.255.255 10.63.15.5
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.3.0 0.0.0.255
!

0 Helpful

Georg Pauwen
VIP
VIP
In response to yarafat2010

ā€Ž11-06-2021 01:24 AM

Hello,

 

you are trying to NAT an inside address to an inside address:

 

ip nat inside source static 192.168.1.10 42.11.100.57 extendable

!

interface Vlan1
description "DIA LAN"
ip address 42.11.100.60 255.255.255.248
ip nat inside
ip virtual-reassembly in

 

Change Vlan1 to 'ip nat outside':

 

interface Vlan1
description "DIA LAN"
ip address 42.11.100.60 255.255.255.248
ip nat outside

yarafat2010
Level 1
Level 1
In response to Georg Pauwen

ā€Ž11-06-2021 02:16 AM

ok

So where to add Ip Nat INSIDE?

0 Helpful

Georg Pauwen
VIP
VIP
In response to yarafat2010

ā€Ž11-06-2021 02:32 AM

Hello,

 

where is 192.168.1.10 located ? The interface that is connected to 192.168.1.0/24 needs to be the NAT inside interface. The network is not directly connected, so where is it ?

0 Helpful

yarafat2010
Level 1
Level 1
In response to Georg Pauwen

ā€Ž11-06-2021 03:10 AM

its like this 

ISP WAN(cisco Router) 42.11.100.60  -  LAN  - SONICWALL

    |  

     -----Sonicwall (X0) WAN IP 42.11.100.59 Gateway 42.11.100.60

             Sonicwall (X1) LAN IP 192.168.1.1

0 Helpful
Customers Also Viewed These Support Documents