Configure public IP traffic from internal network to internal network itself and not to external network
As of now server A is accesible from external network accessing it using the below mentioned IP and port in http browser http://x.x.x.x:8080
For the same we have configured port forwarding (static NAT) in the cisco 1905 ISR.
Also from internal network the application is accessible via internal IP and port (ie. http://y.y.y.y:8080)
Is there any way I can configure my Cisco 1905 so that from internal network (ie. from machine B) I can access the application using public IP and port and not with the internal IP ? As of now I am not able to do the same.
The current configurations are as shown below: access-list 1 permit y.y.y.0 0.0.0.255 ip nat inside source list 1 interface GigabitEthernet0/0 overload ip nat inside source static tcp y.y.y.y 8080 interface GigabitEthernet0/0 8080
Thank you for the commands. But still, will the router (Cisco 1905 ISR - IOS v15.4) be able to accept the command "ip nat enable", coz i couldn't find the same apart from the command options "ip nat outside" and "ip nat inside". Is this command (ip nat enable) limited to a set of IOS versions ?
Also in case of doing the above configuration will it affect the internet connectivity of inside network, which is nated and routed to the external network using default route and "ip nat inside/outside" command.
I have the same issue and I have tried the suggested configuration with no luck.
Thomas said the commands worked for him however for me it looks a little strange. More precisely, I see your suggested command for Gig0/0 is "no ip nat inside". I assume the correct command is "no ip nat outside" (which I actually used in my scenario) since this is the external interface.
After using the suggested configuration, i see no change in router behavior. I can still access the "internal services of y.y.y.y" from Internet using the x.x.x.x public address and also i can access y.y.y.y from LAN. Still i can't access the services from LAN by using the public x.x.x.x address.
Thomas, maybe you can help by posting your router config as displayed by sho run command (ofcourse without any confidential parameters...)
now, my config looks like (full config attached):
interface GigabitEthernet0/0 ip address ********* ip nat enable duplex auto speed auto
interface Vlan1 ip address ******* ip nat enable
ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 192.168.1.252 80 interface GigabitEthernet0/0 80
not sure how this works but i manage to solve the issue by adding on each interface (external/internal) the "no ip redirects" line
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...