I agree with the previous response that you need a static NAT to allow outside resources to initiate traffic to your server. You also will need NAT or PAT using the router interface address to allow the other hosts in your network to access outside.

You do not need to configure any other of the addresses on the router interface other than the primary IP that you assign to the router interface. As long as the other addresses are used for NAT/PAT they are configured in the nat statements and not on the physical interface.

HTH

Rick

Hello Guys, I have the same problem and followed the configuration provided by Terence having 40.40.40.9 as my WAN router interface and 40.40.40.2 as my server but I can't ping 40.40.40.2 from internet and can only reach 40.40.40.9.

Please help

Thanks in advance

Sergio

Sergio

If it does not work then it is likely that there is some aspect of what you configured that is different from what Terence suggested. If you post what you have configured then perhaps we can identify the problem.

HTH

Rick

Hello and thanks for quick response:

I attach my configuration.

When I ping from internet to 40.40.40.2 there is no reply but from 192.168.1.0 network I have internet connection, also I can ping 40.40.40.9.

Regards

Sergio

Sergio

Thank you for posting the configuration. I have looked through it and do not see any obvious issues in the config. So I would like to check a couple of things:

- you can ping 40.40.40.9 from the Internet?

- the server at 192.168.1.3 is on line and can ping the router address?

- can the server access anything on the Internet?

- what is the IP, mask, and gateway configured on the server?

- can you post the output of show ip nat translations

HTH

Rick

Richard

Thanks for helping, the answers are:

-yes I can ping 40.40.40.9 from the internet

-yes from the server I can ping Router's LAN and WAN interfaces

-yes from the server I can access anything on the internet

-sh ip nat translations

Pro Inside global Inside local Outside local Outside global
icmp 40.40.40.9:56 192.168.1.3:56 8.8.8.8:56 8.8.8.8:56
tcp 40.40.40.9:25986 192.168.1.3:25986 52.7.142.204:80 52.7.142.204:80
tcp 40.40.40.9:25987 192.168.1.3:25987 52.7.142.204:80 52.7.142.204:80
tcp 40.40.40.9:26331 192.168.1.3:26331 52.7.142.204:80 52.7.142.204:80
tcp 40.40.40.9:26332 192.168.1.3:26332 52.7.142.204:80 52.7.142.204:80
tcp 40.40.40.9:26333 192.168.1.3:26333 54.192.81.162:80 54.192.81.162:80
tcp 40.40.40.9:26334 192.168.1.3:26334 54.192.81.162:80 54.192.81.162:80
udp 40.40.40.9:51906 192.168.1.3:51906 125.90.93.203:9800 125.90.93.203:9800
udp 40.40.40.9:53004 192.168.1.3:53004 125.90.93.193:6600 125.90.93.193:6600
udp 40.40.40.9:54909 192.168.1.3:54909 125.90.93.151:6020 125.90.93.151:6020
udp 40.40.40.9:54909 192.168.1.3:54909 125.90.93.151:6070 125.90.93.151:6070
tcp 40.40.40.9:49322 192.168.1.5:49322 95.213.192.71:80 95.213.192.71:80
tcp 40.40.40.9:49326 192.168.1.5:49326 95.213.192.71:80 95.213.192.71:80
tcp 40.40.40.9:49327 192.168.1.5:49327 95.213.192.71:80 95.213.192.71:80
tcp 40.40.40.9:49330 192.168.1.5:49330 95.213.192.71:80 95.213.192.71:80
tcp 40.40.40.9:49331 192.168.1.5:49331 95.213.192.71:80 95.213.192.71:80
--- 40.40.40.2 192.168.1.3 --- ---

I also tried to change access-list 101 like this:

access-list 101 deny ip host 192.168.1.3 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

and when I issue clear ip nat translations *, ping from internet and then sh ip nat translations I get only the following:

icmp 40.40.40.2:51 192.168.1.3:51 8.8.8.8:51 8.8.8.8:51
udp 40.40.40.2:59072 192.168.1.3:59072 200.87.100.10:53 200.87.100.10:53
--- 40.40.40.2 192.168.1.3 --- ---

with this change the server can't access the internet too

PD: 200.87.100.10 is a DNS

Regards
Sergio

Hello,

Is there a way to configure an ip address range in the WAN interface or not to configure an ip address there?

Regards

Sergio

Sergio

I am not aware of any way to configure an ip address range on an interface other than to configure one ip address as primary and to configure multiple other ip addresses (which could form a range) as secondary addresses. But I can not understand why you might want to do this. You could configure an interface to learn its address via DHCP in which case the configuration has no ip address configured but the interface does have a functional ip address. You can, of course, configure an interface with "no ip address" and in this case the interface would not process ip packets.

HTH

Rick

Richard

Thanks a lot for your help, I didn't know what else to do that time, I think it is a problem with my ISP, I have tried nat with another router connected to another interface in my ISP's device and it worked, I realized that when I try to ping from internet having both routers connected It always try to get the test router and not my production router. When I only use the production router and I ping from Internet to internal server I get something like the following when I issue "sh ip nat trans":

icmp 40.40.40.2:489 192.168.1.3:489 40.40.40.1:489 40.40.40.1:489
icmp 40.40.40.2:490 192.168.1.3:490 40.40.40.1:490 40.40.40.1:490
icmp 40.40.40.2:491 192.168.1.3:491 40.40.40.1:491 40.40.40.1:491
icmp 40.40.40.2:492 192.168.1.3:492 40.40.40.1:492 40.40.40.1:492
icmp 40.40.40.2:493 192.168.1.3:493 40.40.40.1:493 40.40.40.1:493
icmp 40.40.40.2:494 192.168.1.3:494 40.40.40.1:494 40.40.40.1:494
icmp 40.40.40.2:495 192.168.1.3:495 40.40.40.1:495 40.40.40.1:495
icmp 40.40.40.2:496 192.168.1.3:496 40.40.40.1:496 40.40.40.1:496
icmp 40.40.40.2:497 192.168.1.3:497 40.40.40.1:497 40.40.40.1:497
icmp 40.40.40.2:498 192.168.1.3:498 40.40.40.1:498 40.40.40.1:498
icmp 40.40.40.2:499 192.168.1.3:499 40.40.40.1:499 40.40.40.1:499
icmp 40.40.40.2:500 192.168.1.3:500 40.40.40.1:500 40.40.40.1:500
icmp 40.40.40.2:501 192.168.1.3:501 40.40.40.1:501 40.40.40.1:501
icmp 40.40.40.2:502 192.168.1.3:502 40.40.40.1:502 40.40.40.1:502
icmp 40.40.40.2:503 192.168.1.3:503 40.40.40.1:503 40.40.40.1:503
icmp 40.40.40.2:504 192.168.1.3:504 40.40.40.1:504 40.40.40.1:504
icmp 40.40.40.2:505 192.168.1.3:505 40.40.40.1:505 40.40.40.1:505
icmp 40.40.40.2:506 192.168.1.3:506 40.40.40.1:506 40.40.40.1:506
icmp 40.40.40.2:507 192.168.1.3:507 40.40.40.1:507 40.40.40.1:507
icmp 40.40.40.2:508 192.168.1.3:508 40.40.40.1:508 40.40.40.1:508
icmp 40.40.40.2:509 192.168.1.3:509 40.40.40.1:509 40.40.40.1:509
icmp 40.40.40.2:510 192.168.1.3:510 40.40.40.1:510 40.40.40.1:510
icmp 40.40.40.2:511 192.168.1.3:511 40.40.40.1:511 40.40.40.1:511
icmp 40.40.40.2:512 192.168.1.3:512 40.40.40.1:512 40.40.40.1:512
icmp 40.40.40.2:513 192.168.1.3:513 40.40.40.1:513 40.40.40.1:513
icmp 40.40.40.2:514 192.168.1.3:514 40.40.40.1:514 40.40.40.1:514
icmp 40.40.40.2:515 192.168.1.3:515 40.40.40.1:515 40.40.40.1:515
icmp 40.40.40.2:516 192.168.1.3:516 40.40.40.1:516 40.40.40.1:516
icmp 40.40.40.2:517 192.168.1.3:517 40.40.40.1:517 40.40.40.1:517
icmp 40.40.40.2:518 192.168.1.3:518 40.40.40.1:518 40.40.40.1:518
icmp 40.40.40.2:519 192.168.1.3:519 40.40.40.1:519 40.40.40.1:519
icmp 40.40.40.2:520 192.168.1.3:520 40.40.40.1:520 40.40.40.1:520
icmp 40.40.40.2:521 192.168.1.3:521 40.40.40.1:521 40.40.40.1:521
icmp 40.40.40.2:522 192.168.1.3:522 40.40.40.1:522 40.40.40.1:522
icmp 40.40.40.2:523 192.168.1.3:523 40.40.40.1:523 40.40.40.1:523
icmp 40.40.40.2:524 192.168.1.3:524 40.40.40.1:524 40.40.40.1:524
icmp 40.40.40.2:525 192.168.1.3:525 40.40.40.1:525 40.40.40.1:525
icmp 40.40.40.2:526 192.168.1.3:526 40.40.40.1:526 40.40.40.1:526
icmp 40.40.40.2:527 192.168.1.3:527 40.40.40.1:527 40.40.40.1:527
icmp 40.40.40.2:528 192.168.1.3:528 40.40.40.1:528 40.40.40.1:528
icmp 40.40.40.2:529 192.168.1.3:529 40.40.40.1:529 40.40.40.1:529
icmp 40.40.40.2:530 192.168.1.3:530 40.40.40.1:530 40.40.40.1:530

Being 40.40.40.1 my ISP's gateway

It's like opening a new port for every ping I made, really weird

Regards

Sergio