Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1078
Views
5
Helpful
3
Replies

Configuring NAT to Allow the Internet to Access Internal Devices

emadehsan
Level 1
Level 1

‎08-12-2006 05:57 AM - edited ‎03-03-2019 04:29 AM

i need a simple config using my router and nat to allw the internet to access internal devices..

Labels:
0 Helpful
3 Replies 3

Roberto Salazar
Level 8
Level 8

‎08-12-2006 07:39 AM

The following is a working example that allows public ip address to access a web server in private network 192.168.1.0/24. Just remove and replace the interface types:

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface Ethernet1

ip address dhcp

ip nat outside

duplex auto

ip nat inside source static tcp 192.168.1.99 80 interface Ethernet1 80

Please rate helpful posts.

emadehsan
Level 1
Level 1
In response to Roberto Salazar

‎08-12-2006 10:32 PM

I have inserted your commands

ip nat inside source static tcp 192.168.1.99 80 210.5.c.v 80

but i can not access..

the problem remains,,

0 Helpful

desai.jaideep
Level 5
Level 5
In response to emadehsan

‎08-12-2006 10:40 PM

Dear Ehsan

Below is the config I have been doing:It is basically a LAB setup in which I have public IPs 192.168.1.0/24 and private IPs 192.168.2.0/24.Now I am giving 192.168.1.165/24 on one ethernet and 192.168.2.1/24 on another ethernet.I have kept a webserver (a Ip camera with a web server..to be precise), which is given a IP 192.168.2.200/24. Now from pool 192.168.1.0 (My PC ip is 192.168.1.75/24) I give 192.168.1.165 in my web browser, and I get access to my network camera.

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable secret xxxx

!

username cisco password 0 cisco

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.165 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip nat pool test 192.168.1.165 192.168.1.165 netmask 255.255.255.0

ip nat inside source list 1 pool test overload

ip nat inside source static 192.168.2.200 192.168.1.165

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip http server

!

access-list 1 permit 192.168.2.0 0.0.0.255

!

line con 0

line aux 0

line vty 0 4

login local

line vty 5 15

login local

!

!

!

end

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1197 192.168.1.75:1197

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1200 192.168.1.75:1200

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1201 192.168.1.75:1201

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1202 192.168.1.75:1202

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1203 192.168.1.75:1203

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1204 192.168.1.75:1204

--- 192.168.1.165 192.168.2.200 --- ---

There may be some issue with your mail server.

Regards

JD

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents