Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How do I enable "Internet NAT redirection" on an IOS firewall ?


I have a 2811 IOS router (12.4) with a DSL interface.

I am using Static NAT for my web server & Dynamic NAT for my LAN users.

I can access the web server internally, but cant access it using its external IP address.

I have been struggling with this for over a year now, and on my Linksys router, I see that there is a nice feature to turn this on / off.

From my lan, if I traceroute to the webserver external IP address, I dont even get to the router. Instead I get a reply immediately.

For example, my WebServer IP address is 19x.1.1.115 and my IP range is 19x.1.113-127

When I traceroute from a PC on the LAN to 19x.1.1.115, I get a response immediately.

On the other hand, if I traceroute to 19x.1.1.117 (non-existant host), the route goes via the Router and then out to the Internet.

I am sure its the static NAT / dynamic NAT combination that is messing it up, but even with route maps applied, I still cant seem to figure out how to get this fixed.

Any ideas on how I can enable this feature on the IOS router ??


Cisco Employee

Re: How do I enable "Internet NAT redirection" on an IOS firewal

If the Static NAT is configured correctly to valid routable IP Address and if you are not blocking HTTP to the server, then users should be able to get to the server from the internet. Can you post your configuration if possible.



New Member

Re: How do I enable "Internet NAT redirection" on an IOS firewal


The problem is not with users from the Internet getting to the webserver.

That works fine.

Its just that LAN users cant reach the web server using the "External" IP address.

They can however access it using the "Internal" address.

CreatePlease to create content