Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring NAT to Allow the Internet to Access Internal Devices

i need a simple config using my router and nat to allw the internet to access internal devices..

3 REPLIES

Re: Configuring NAT to Allow the Internet to Access Internal Dev

The following is a working example that allows public ip address to access a web server in private network 192.168.1.0/24. Just remove and replace the interface types:

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface Ethernet1

ip address dhcp

ip nat outside

duplex auto

ip nat inside source static tcp 192.168.1.99 80 interface Ethernet1 80

Please rate helpful posts.

New Member

Re: Configuring NAT to Allow the Internet to Access Internal Dev

I have inserted your commands

ip nat inside source static tcp 192.168.1.99 80 210.5.c.v 80

but i can not access..

the problem remains,,

Re: Configuring NAT to Allow the Internet to Access Internal Dev

Dear Ehsan

Below is the config I have been doing:It is basically a LAB setup in which I have public IPs 192.168.1.0/24 and private IPs 192.168.2.0/24.Now I am giving 192.168.1.165/24 on one ethernet and 192.168.2.1/24 on another ethernet.I have kept a webserver (a Ip camera with a web server..to be precise), which is given a IP 192.168.2.200/24. Now from pool 192.168.1.0 (My PC ip is 192.168.1.75/24) I give 192.168.1.165 in my web browser, and I get access to my network camera.

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable secret xxxx

!

username cisco password 0 cisco

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.165 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip nat pool test 192.168.1.165 192.168.1.165 netmask 255.255.255.0

ip nat inside source list 1 pool test overload

ip nat inside source static 192.168.2.200 192.168.1.165

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip http server

!

access-list 1 permit 192.168.2.0 0.0.0.255

!

line con 0

line aux 0

line vty 0 4

login local

line vty 5 15

login local

!

!

!

end

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1197 192.168.1.75:1197

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1200 192.168.1.75:1200

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1201 192.168.1.75:1201

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1202 192.168.1.75:1202

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1203 192.168.1.75:1203

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1204 192.168.1.75:1204

--- 192.168.1.165 192.168.2.200 --- ---

There may be some issue with your mail server.

Regards

JD

558
Views
5
Helpful
3
Replies
CreatePlease login to create content