Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configure public IP traffic from internal network to internal network itself and not to external network

As of now server A is accesible from external network accessing it using the below mentioned IP and port in http browser
http://x.x.x.x:8080

For the same we have configured port forwarding (static NAT) in the cisco 1905 ISR.

Also from internal network the application is accessible via internal IP and port (ie. http://y.y.y.y:8080)

Is there any way I can configure my Cisco 1905 so that from internal network (ie. from machine B) I can access the application using public IP and port and not with the internal IP ? As of now I am not able to do the same.

The current configurations are as shown below:
access-list 1 permit y.y.y.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

 

1 ACCEPTED SOLUTION

Accepted Solutions

HelloYou can try Domainless

Hello

You can try Domainless Nat .

no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

int gig0/0
no ip nat inside
ip nat enable

int gig0/1
no ip nat inside
ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

 

res

Paul
 

 

 

Please don't forget to rate any posts that have been helpful. Thanks.
7 REPLIES

HelloYou can try Domainless

Hello

You can try Domainless Nat .

no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

int gig0/0
no ip nat inside
ip nat enable

int gig0/1
no ip nat inside
ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080

 

res

Paul
 

 

 

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hi Paul,Thank you for the

Hi Paul,

Thank you for the commands. But still, will the router (Cisco 1905 ISR - IOS v15.4) be able to accept the command "ip nat enable", coz i couldn't find the same apart from the command options "ip nat outside" and "ip nat inside". Is this command (ip nat enable) limited to a set of IOS versions ?

Also in case of doing the above configuration will it affect the internet connectivity of inside network, which is nated and routed to the external network using default route and "ip nat inside/outside" command.

Thanks,

Thomas

HelloYes domainlees nat is

Hello

Yes domainlees nat is ios version specific ( but Ive not checked what version is applicable)

Also yes it will cause an outage to change to this variant of NAT.

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hi Paul,The above mentioned

Hi Paul,

The above mentioned configurations worked successfully. Thanks a lot for providing the exact path.

Also at the same time, it would be great if you could share the real concept of this, how it works while comparing it with the conventional NAT.

 

Thanks,

Thomas 

HelloThanks for the rating

Hello

Thanks for the rating

 

please review this http://blog.ine.com/tag/nat/

 

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hello Paul, I have the same

Hello Paul,

 

I have the same issue and I have tried the suggested configuration with no luck.

Thomas said the commands worked for him however for me it looks a little strange. More precisely, I see your suggested command for Gig0/0 is "no ip nat inside". I assume the correct command is "no ip nat outside" (which I actually used in my scenario) since this is the external interface.

After using the suggested configuration, i see no change in router behavior. I can still access the "internal services of y.y.y.y" from Internet using the x.x.x.x public address and also i can access y.y.y.y from LAN. Still i can't access the services from LAN by using the public x.x.x.x address.

 

Any sugestions?

Thomas, maybe you can help by posting your router config as displayed by sho run command (ofcourse without any confidential parameters...)

 

now, my config looks like (full config attached):

interface GigabitEthernet0/0
 ip address *********
 ip nat enable
 duplex auto
 speed auto

interface Vlan1
 ip address *******
 ip nat enable

ip nat source list 1 interface GigabitEthernet0/0 overload

ip nat source static tcp 192.168.1.252 80 interface GigabitEthernet0/0 80

 

 

 

not sure how this works but i manage to solve the issue by adding on each interface (external/internal) the "no ip redirects" line

New Member

(No subject)


3486
Views
9
Helpful
7
Replies
CreatePlease to create content