Cisco Support Community

New Member

NAT/PAT using outside-ip on inside net

Hi Experts,

I am running a simple local net > (831) > (cable) ISP

DHCP(client), DDNS, NAT inside, FW and ACL (for the current needs) and NTP runs smoothly.


831 et0:

et1: dhcp-ip (from ISP)

But there is one ugly problem I am struggling with:

In my private network there are several Web- and other servers

that are accessible from outside w/o any problem.

When I try to access one of the internal devices (example: Webserver on

from an internal client ( using the webserver's NAT/PATed outside address

(http://dhcp-ip:1080) this request will run into nirvana.

http://dhcp-ip:1080 from an outside client will be nat/patted to the correct internal


I have performed some experiments with "ip nat outside", "route-map" and "NVI" but I am lost a little bit.


Request from local client to http://DHCP-ip:1080 should

route to

..this is basically the same functionality compared to

calling http://DHCP-ip:1080 from an outside client.

Please enlighten me :)


config as attachment


I have tried already the following


interface Ethernet0

<same as above>

ip policy route-map NBG01_1080


access-list 150 deny tcp host eq 1080 any eq 1080 log-input

access-list 151 permit tcp host eq 1080 any eq 1080 log-input


route-map NBG01_1080 permit 10

match ip address 150

set ip next-hop


route-map NBG01_1080 permit 20

set interface Ethernet1



which should(!) deny every tcp packet port 1080 on et0 except from (acl 150) and

route-map this to

This does not work (acl 150 shows correct denies in the log (while

accessing "http://DHCP-ip:1080" from an inside client); but the "next-hop"

seems not to work.

Anyway this is a suboptimal solution because it triggers on port 1080 to

every target from internal which might cause problems in the future.

In addition I tried "ip nat pool.." but I have a little lack of insight here ;))

Addn: no, changing DNS entries on the local clients will not help, because there are several ports PATed.

Best regards, Stephan

New Member

Re: NAT/PAT using outside-ip on inside net

If you did have an internal DNS server, you would then be able to call that server DHCP-IP by name and on the inside it would resolve correctly right? Can you connect to If so then that should solve the problem.

New Member

Re: NAT/PAT using outside-ip on inside net

Hi cdusio.

yes, I do have an internal DNS, but I have many internal systems as well.

So having in my DNS DHCP-IP-HOSTNAME

will solve this problem for this box

(because is then the same as

DHCP-IP-HOSTNAME:1080) but not solve the problem for other webservers/servers

This all should be as transparent as from outside....

thnx, Stephan

New Member

Re: NAT/PAT using outside-ip on inside net

updated: config.text

New Member

Re: NAT/PAT using outside-ip on inside net

I have a question about your config, if you would be so kind as to help me. I have an 831 that I am trying to get up and running on my small LAN that is similar to yours. On the WAN side I have a cable modem, attached to e1. On the other side I have a 2900 switch that I am trying to attach to e0. The problem is that I don't know where to plug my switch into. I see that you are successfully using e0 based on this section of your config:

interface Ethernet0

description $FW_INSIDE$$ETH-LAN$

ip address

ip access-group 100 in

ip nat inside

ip virtual-reassembly

E1 is easily marked on this router, but the E0 side seems to be a 4-port switch. I can assign E1 an interface, yet when I plug my switch into this router, I do not get a link.

Can you please tell me what I am doing wrong?

Thank You!
