Accessing public IP from local network

Unanswered Question
Jul 21st, 2010
User Badges:

Hi all,


We are having some issue accesing, from our LAN, to a web server situated on the same internal network through our public address. We are trying to do so, since we use a program with a hyperlink to that web server and, we can use it making demos on our LAN or on a customer's site (no DNS server available on our LAN).


We have a Cisco 837 ADSL router and we have the NAT configured. From the Internet we haven't got any problem on accessing the http port of the server. But, when from our LAN we type http://X.X.X.X (where X is our public IP address), we do not receive any response (if we activate the "ip http server" on the router, we access the router web page). This is what we have configured:


ip nat inside source static tcp 192.168.1.2 80 X.X.X.X 80 extendable


interface ethernet0

  ip nat inside


interface Dialer0

  ip nat outside


What are we missing? Should we use "ip nat inside destination.."? Is it possible to do this configuration?


Any suggestion will be appreciated!


THANK YOU VERY MUCH IN ADVANCE!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
manish arora Wed, 07/21/2010 - 16:48
User Badges:
  • Silver, 250 points or more

Can you please post debug ip nat out while trying to access your webserver from lan ? also please post complete sh run ( remove passwords + public ip's ). also, your overload nat ip and static nat ip for web server are different right ? or you are doing port translation ?

thanks

manish

Nagaraja Thanthry Wed, 07/21/2010 - 17:04
User Badges:
  • Cisco Employee,

Hello,


You would have to configure NAT Virtual interface and apply NAT to the virtual interface. This will ensure that the NAT is applied irrespective of the interface it is coming from.


Example:


no ip nat source static extendable


You need to do the above with all the existing NAT configurations. You can reinsert them once you configure the below commands.


interface Dialer0

no ip nat outside

ip nat enable

exit


interface Ethernet0

no ip nat inside

ip nat enable

exit


ip nat source static extendable


When you configure like above, the router will create a NVI interface and apply all NAT configurations to that interface. From then onwards, whenever you access any of the translated addresses from any interface, it will be handled by the NVI interface. NVI interface un-nats the traffic and sends it to correct destination.


http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1084652


Hope this helps.


Regards,


NT

Inaki Kortazar Thu, 07/22/2010 - 13:53
User Badges:

Thank you very much for your answers,


We have tried today configuring the NAT virtual interface, but the command "ip nat enable" was not supported. We are using an old 837. Which IOS version should we install?


THANK YOU VERY MUCH!!

Actions

This Discussion