Can't access the new web site through the CISCO2811

Unanswered Question
Oct 22nd, 2008

Hi, all

We have a CISCO2811 router, and we have added a HWIC-4ESW module into it. We have registered a DNS at the DNS registration (, we have translated the 80 and 443 ports of to web site IP address). The web site works good.

We want to add another web site, and this web site is in another internal subnet. We have registered it as the following (, and translate 80 and 443 ports of to 80 and 443 ports of (the new web site's IP address). We have configured as the secondary, and configured the PAT (from to Please see the enclosed for the details configuration.

We can access the old web site normally. When we ping the new web site (, we can get the correct address (, when we access the new web site in IE from the outside of the new web server's subnet, we got the message "The server cannot find or DNS error". When we access the new web site in IE at the new web server, we have connected to the CISCO 2811! What's wrong? How do I configure the CISCO2811, and can access the old and new web site successfully?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Wed, 10/22/2008 - 05:21

You should remove the secondary address, there is no need for it. You may have to clear your NAT translation before it works [clear ip nat trans *]

interface FastEthernet0/1

no ip address secondary

Hope that helps.

stevenyang Wed, 10/22/2008 - 05:32

Hi, Collin

You mean I need to remove the secondary IP address (, and reserve the PAT (from to, right?

Collin Clark Wed, 10/22/2008 - 05:35

Yes, remove the secondary address.

Your PAT statement is fine (ip nat inside source list 1 interface FastEthernet0/1 overload).

Your NAT is OK as well (ip nat inside source static tcp 80 80 extendable

ip nat inside source static tcp 443 443 extendable)

stevenyang Wed, 10/22/2008 - 06:41

Hi, Collin

I have remoted the secondary item, but I can't access the new web site still:( Did I need to configure others?


Collin Clark Wed, 10/22/2008 - 06:45

That should do it. Can you post the result of a show ip nat trans when you try and access the new site?

stevenyang Wed, 10/22/2008 - 07:27

Hi, Collin

I run the "show ip nat trans" after I accessed the new web site, I got the following output:

tcp --- ---

When I access the old web site (the external IP is, the web server's internal IP is successfully I got the following output:


The is our Firewall gateway IP address, I am not sure why the has been translated to it, but not to the we assigned new external IP address for the new site (


Collin Clark Wed, 10/22/2008 - 07:43

From the new web server, can you access the outside (ie browse websites OK). I see that VLAN 1 is /24. Do you have a switch module in the router? How do you provide access to that VLAN?

stevenyang Wed, 10/22/2008 - 08:05

I can access the Internet from the new web server. And I can access the new web server using the remote desktop (the PAT to the 3389 port of the new web server)

The VLAN1 should be, not the

We have purchased a HWIC-4ESW module and insert into the CISCO 2811 router, and we have connected this module's a interface to the output Firewall and another interface to the switch that connects to the new web server.

Collin Clark Wed, 10/22/2008 - 12:11

Some things are conflicting, can we verify? So VLAN 1 looks like this?

interface Vlan1

ip address

ip nat inside

And your NAT like this?

ip nat inside source static tcp 80 80 extendable

ip nat inside source static tcp 443 443 extendable

From the router you can ping correct?

ARUNPRABHU A Fri, 10/24/2008 - 22:45


If your New Webserver Resides at segment ten remove the command

no access-list 1 permit

Because this command will NAT you to instead of it may conflict so better to remove this command.

Warm Rgds, Arun


This Discussion