Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT Config

I have a web server sitting on private using standard port 80. I want it to be accessed by public users without changing IP on my server. I enabled static NAT on the router side (ip nat inside source static im wondering why from browser, when i access, it's going nowhere.. is this the right way to do it?

Community Member

Re: NAT Config

well, yes, that is the way to do it.

you have made a one-to-one translation, meaning all connections to the IP will be redirected to

I would instead do:

ip nat inside source static tcp 80

this way, you only forward port 80 and thereby making it a bit more secure.

now, to your problem.. you are testing it from the "outside", right?

You cannot access the external address when you are on the inside of the NAT..

Community Member

Re: NAT Config

are there any acl's applied?

from where did you access inside or outside?

can you post the routers "sh run"?

Re: NAT Config

You should be trying this from the outside.

As from the other post, you necessarily dont need a specify tcp static mapping on port 80. The one you have configured is enough. But this will allow incoming connections on all ports to the server. So its better to statically map those port/ip address combinations, that are needed. (tcp port 80 in this case)

Community Member

Re: NAT Config

I have run into this problem today as well..

I am using putty to connect to a Linux server behind NAT. I get the following error:

2003-10-28 19:57:35 Looking up host "999.999.999.46"

2003-10-28 19:57:35 Connecting to 999.999.999.46 port 22

2003-10-28 19:57:56 Network error: Connection timed out

However I am able to ping the inside server from the router.

My config info:

ip nat inside source static tcp 22 999.999.999.46 22 extendable

NAT is functioning perfectly form the inside out.

CreatePlease to create content