01-27-2010 03:44 AM - edited 03-11-2019 10:02 AM
Hi guys,
I'd like to know if it is possible to use both NAT overload to provide clients with internet access with 1 static global IP and at the same time use a static NAT translation to publish port 80 to a specific web server on the LAN so that it is accessible from the internet???
Would I need 2 global IPs?? 1 to use with the NAT Overload and then one to use for static NAT of my webserver??
Thanks
Mario
01-27-2010 04:11 AM
marioderosa2008 wrote:
Hi guys,
I'd like to know if it is possible to use both NAT overload to provide clients with internet access with 1 static global IP and at the same time use a static NAT translation to publish port 80 to a specific web server on the LAN so that it is accessible from the internet???
Would I need 2 global IPs?? 1 to use with the NAT Overload and then one to use for static NAT of my webserver??
Thanks
Mario
Mario
You can do this with one IP address ie.
ip nat pool NAT
ip nat inside source list 101 pool NAT overload
ip nat inside source static tcp
Jon
01-27-2010 04:52 AM
Thanks for the quick response Jon,
Do you happen to know where to configure this in the web interface?
Do I just add a new Address Translation Rule?
Or is this something that can only be done on the CLI?
Thanks
Mario
01-28-2010 01:58 AM
Hi,
if there is an access list applied in the inbound direction of the Dialer0 interface, will that have any affect on the static tcp NAT command?
I.E. will i have to specificaly allow port 80 traffic in the incoming ACL?
Mario
01-28-2010 04:04 AM
marioderosa2008 wrote:
Hi,
if there is an access list applied in the inbound direction of the Dialer0 interface, will that have any affect on the static tcp NAT command?
I.E. will i have to specificaly allow port 80 traffic in the incoming ACL?
Mario
Mario
Yes you will. Make sure you use the global IP in the acl.
Jon
01-28-2010 04:24 AM
Hi Jon
,
thanks for getting back.
SHould it still work if my nat statement is configured to use the global IP of the Dialer0 interface rather than actually defining a Pool for the global IP and then using that in my main NAT statement.
Because my dialer0 interface is statically configured with the global IP, is it still possible to define a NAT pool with that exact same global IP? Will the router report conflicts?
I'd like to know this before hand before killing everyone's internet access to then realise it cannot be done.
Cheers
Mario
01-28-2010 06:24 AM
I believe you can use the name of the interface instead of the IP address.
example:
ip nat inside source static tcp 10.10.10.1 80 interface fastethernet 4 80
In your case dialer 0
Do not worry. You will not break the internet access for the inside hosts by doing this.
-KS
01-28-2010 06:49 AM
marioderosa2008 wrote:
Hi Jon
,
thanks for getting back.
SHould it still work if my nat statement is configured to use the global IP of the Dialer0 interface rather than actually defining a Pool for the global IP and then using that in my main NAT statement.
Because my dialer0 interface is statically configured with the global IP, is it still possible to define a NAT pool with that exact same global IP? Will the router report conflicts?
I'd like to know this before hand before killing everyone's internet access to then realise it cannot be done.
Cheers
Mario
Mario
Yes it will fine as Kusankar has said. The only reason i didn't use that config was because i though it was a separate address than the dialer0 interface address but if it is the same address you just do
ip nat inside source list 101 interface dialer0 overload
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide