How do I enable "Internet NAT redirection" on an IOS firewall ?

Unanswered Question
Jan 24th, 2008


I have a 2811 IOS router (12.4) with a DSL interface.

I am using Static NAT for my web server & Dynamic NAT for my LAN users.

I can access the web server internally, but cant access it using its external IP address.

I have been struggling with this for over a year now, and on my Linksys router, I see that there is a nice feature to turn this on / off.

From my lan, if I traceroute to the webserver external IP address, I dont even get to the router. Instead I get a reply immediately.

For example, my WebServer IP address is 19x.1.1.115 and my IP range is 19x.1.113-127

When I traceroute from a PC on the LAN to 19x.1.1.115, I get a response immediately.

On the other hand, if I traceroute to 19x.1.1.117 (non-existant host), the route goes via the Router and then out to the Internet.

I am sure its the static NAT / dynamic NAT combination that is messing it up, but even with route maps applied, I still cant seem to figure out how to get this fixed.

Any ideas on how I can enable this feature on the IOS router ??


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Thu, 01/24/2008 - 14:43

If the Static NAT is configured correctly to valid routable IP Address and if you are not blocking HTTP to the server, then users should be able to get to the server from the internet. Can you post your configuration if possible.



shahedvoicerite Thu, 01/24/2008 - 14:50


The problem is not with users from the Internet getting to the webserver.

That works fine.

Its just that LAN users cant reach the web server using the "External" IP address.

They can however access it using the "Internal" address.


This Discussion