Publishing Web Server through Cisco 877 router

Unanswered Question
Jan 27th, 2010

Hi guys,

I'd like to know if it is possible to use both NAT overload to provide clients with internet access with 1 static global IP and at the same time use a static NAT translation to publish port 80 to a specific web server on the LAN so that it is accessible from the internet???

Would I need 2 global IPs?? 1 to use with the NAT Overload and then one to use for static NAT of my webserver??

Thanks

Mario

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 01/27/2010 - 04:11

marioderosa2008 wrote:

Hi guys,

I'd like to know if it is possible to use both NAT overload to provide clients with internet access with 1 static global IP and at the same time use a static NAT translation to publish port 80 to a specific web server on the LAN so that it is accessible from the internet???

Would I need 2 global IPs?? 1 to use with the NAT Overload and then one to use for static NAT of my webserver??

Thanks

Mario

Mario

You can do this with one IP address ie.

ip nat pool NAT netmask 255.255.255.0

ip nat inside source list 101 pool NAT overload

ip nat inside source static tcp 80 80

Jon

marioderosa2008 Wed, 01/27/2010 - 04:52

Thanks for the quick response Jon,

Do you happen to know where to configure this in the web interface?

Do I just add a new Address Translation Rule?

Or is this something that can only be done on the CLI?

Thanks

Mario

marioderosa2008 Thu, 01/28/2010 - 01:58

Hi,

if there is an access list applied in the inbound direction of the Dialer0 interface, will that have any affect on the static tcp NAT command?

I.E. will i have to specificaly allow port 80 traffic in the incoming ACL?

Mario

Jon Marshall Thu, 01/28/2010 - 04:04

marioderosa2008 wrote:

Hi,

if there is an access list applied in the inbound direction of the Dialer0 interface, will that have any affect on the static tcp NAT command?

I.E. will i have to specificaly allow port 80 traffic in the incoming ACL?

Mario

Mario

Yes you will. Make sure you use the global IP in the acl.

Jon

marioderosa2008 Thu, 01/28/2010 - 04:24

Hi Jon

,

thanks for getting back.

SHould it still work if my nat statement is configured to use the global IP of the Dialer0 interface rather than actually defining a Pool for the global IP and then using that in my main NAT statement.

Because my dialer0 interface is statically configured with the global IP, is it still possible to define a NAT pool with that exact same global IP? Will the router report conflicts?

I'd like to know this before hand before killing everyone's internet access to then realise it cannot be done.

Cheers

Mario

Kureli Sankar Thu, 01/28/2010 - 06:24

I believe you can use the name of the interface instead of the IP address.

example:

ip nat inside source static tcp 10.10.10.1 80 interface fastethernet 4 80

In your case dialer 0

Do not worry. You will not break the internet access for the inside hosts by doing this.

-KS

Jon Marshall Thu, 01/28/2010 - 06:49

marioderosa2008 wrote:

Hi Jon

,

thanks for getting back.

SHould it still work if my nat statement is configured to use the global IP of the Dialer0 interface rather than actually defining a Pool for the global IP and then using that in my main NAT statement.

Because my dialer0 interface is statically configured with the global IP, is it still possible to define a NAT pool with that exact same global IP? Will the router report conflicts?

I'd like to know this before hand before killing everyone's internet access to then realise it cannot be done.

Cheers

Mario

Mario

Yes it will fine as Kusankar has said. The only reason i didn't use that config was because i though it was a separate address than the dialer0 interface address but if it is the same address you just do

ip nat inside source list 101 interface dialer0 overload

Jon

Actions

This Discussion