
Public to Private NAT translation

Hello, this is probably an easy question but I'm stuck. (All IP addresses are fake.)

External Block:

Internal Block:

I have a server with and everyone in the network, servers and desktops, can access this server. On the router I give it a NAT translation

ip nat inside source static extendable

so the outside world can access it, and they can and all seems to work fine. However, if I am on the private range, I cannot access it using the public IP address. Now, this isn't a major problem, however I cannot solve it so it does expose a lack in my knowledge.

Here are some other bits of info that might be useful:

ip nat pool ionic-pool netmask
ip nat inside source list 10 pool ionic-pool overload

access-list 10 permit
access-list 10 permit
access-list 10 permit
access-list 10 permit

interface GigabitEthernet0/1.5
description Public Range

encapsulation dot1Q 70
ip address
ip access-group 101 out
ip nat outside
no ip mroute-cache
standby ip
standby priority 120
standby preempt

interface GigabitEthernet0/3.2
description Private Range

encapsulation dot1Q 10 native
ip address
ip access-group OfficeWebTraffic in
ip nat inside
standby 1 ip
standby 1 priority 110
standby 1 preempt


Hall of Fame Cisco Employee

Re: Public to Private NAT translation


You are actually not supposed to contact your internal server from your internal network by its public IP address. Watch the sequence of steps that happens:

  1. You send a packet to the public IP of your server, sourced from your own internal network.
  2. By virtue of classic IP routing, this packet's destination is outside your network, so it will be sent out through the NAT box.
  3. The NAT box notes that this packet is coming from inside to outside, so it rewrites its source IP address, not its destination, and sends it to the internet, instead of rerouting it back to your own network.

Note that even if the NAT box actually rerouted the packet back, it would create an unnecessary extra hop for all packets between you and the server because the communication would have to go through the NAT box instead of flowing directly.

Best regards,
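
The sequence in the reply above, as a simplified Python model (an added example, not part of the thread and not IOS code). All addresses and the names `STATIC_NAT`, `OVERLOAD_IP`, `INSIDE_NET` and `nat_forward` are constructed for illustration, since the thread's real values are not shown.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed values (RFC 1918 / RFC 5737 ranges), not the poster's addresses.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")   # private range
STATIC_NAT = {"10.0.0.10": "203.0.113.10"}         # server: inside local -> inside global
OVERLOAD_IP = "203.0.113.200"                      # pool address shared by other hosts


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def egress_interface(pkt):
    """Plain IP routing: destinations outside the private range leave via 'outside'."""
    return "inside" if ipaddress.ip_address(pkt.dst) in INSIDE_NET else "outside"


def nat_forward(pkt, ingress):
    """Return (egress interface, packet as forwarded) for a packet arriving on `ingress`."""
    if ingress == "outside":
        # outside -> inside: the destination (public address) is mapped back
        # to the server's private address, then the packet is routed.
        to_local = {pub: priv for priv, pub in STATIC_NAT.items()}
        pkt = replace(pkt, dst=to_local.get(pkt.dst, pkt.dst))
        return egress_interface(pkt), pkt
    # inside -> outside: route first, then rewrite the source only.
    egress = egress_interface(pkt)
    if egress == "outside":
        pkt = replace(pkt, src=STATIC_NAT.get(pkt.src, OVERLOAD_IP))
    return egress, pkt


def demo():
    """One external and one internal client, both targeting the server's public IP."""
    external = nat_forward(Packet("198.51.100.7", "203.0.113.10"), "outside")
    internal = nat_forward(Packet("10.0.0.55", "203.0.113.10"), "inside")
    return external, internal


if __name__ == "__main__":
    for label, (iface, pkt) in zip(("external client", "internal client"), demo()):
        print(f"{label}: forwarded via {iface}, src={pkt.src}, dst={pkt.dst}")
```

The internal client's packet leaves via the outside interface with its destination still set to the public address, which is step 3 of the reply.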



Re: Public to Private NAT translation

Thank you for your reply, I had a feeling this was what the end answer would be. So essentially, everyone internal uses the internal IP (or even a name pointing to that) and everyone external uses the external (or DNS entry) and internal will never use external. That's good enough for me, just thought I was missing something completely.

Thanks for your time
