Cisco Support Community
New Member

point traffic from outside to inside

Using a 2514, IOS 12.3. NAT seems to be working fine, but running into a problem when I try to direct traffic from my public IP to an internal private IP. Trying to do this with both HTTP and SMTP. Got the proper command in config, but still not working. Everything stops at the router. Here is part of my config:

interface Ethernet0
 description connected to Internet
 ip address 64.28.32.9 255.255.255.224
 ip access-group 101 in
 ip nat outside
!
interface Ethernet1
 description connected to EthernetLAN
 ip address 192.168.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip inspect Ethernet_1 in
!
router rip
 version 2
 passive-interface Ethernet0
 network 192.168.0.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.0.8 80 64.28.32.9 80 extendable
ip nat inside source static tcp 192.168.0.8 25 64.28.32.9 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 deny ip any any
access-list 102 permit ip any any
access-list 103 deny ip any any

I'm really stumped as to why it is not working. Am I just missing something? Any help is greatly appreciated.

Thanks

7 REPLIES
Cisco Employee

Re: point traffic from outside to inside

Maybe I am missing something myself, but I appear to be stumped on how anything is working at all. On the outside interface [Ethernet0] you have an inbound ACL applied that denies all IP packets. So any IP packets that come into Ethernet0 - whether they be reply packets on a socket initiated from the inside, or if they originated from the outside - will be denied.
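
An added example (not part of the thread or any poster's code) modeling the point in the reply above: on the outside-to-inside path IOS evaluates the inbound ACL before the static NAT lookup, so ACL 101 as posted drops the port 80 and 25 traffic before it is ever translated. The revised ACL, the source address 203.0.113.7 and all function names are assumptions made for illustration; CBAC (`ip inspect`) is not modeled.

```python
import ipaddress

def _addr(tok, i):
    """Read one address spec -> ((base, wildcard), next index); wildcard 1-bits are don't-care."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    base, wild = (tok[i + 1], "0.0.0.0") if tok[i] == "host" else (tok[i], tok[i + 1])
    return (int(ipaddress.ip_address(base)), int(ipaddress.ip_address(wild))), i + 2

def parse_acl(text, number):
    """Parse the 'access-list <number> ...' extended entries, keeping their order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["access-list", str(number)]:
            src, i = _addr(tok, 4)
            dst, i = _addr(tok, i)
            port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
            entries.append((tok[2], tok[3], src, dst, port))
    return entries

def _match(spec, ip):
    return (int(ipaddress.ip_address(ip)) | spec[1]) == (spec[0] | spec[1])

def acl_permits(entries, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, d, port in entries:
        if p in ("ip", proto) and _match(s, src) and _match(d, dst) and port in (None, dport):
            return action == "permit"
    return False

# Static translations from the posted config: (global ip, port) -> (local ip, port)
STATIC_NAT = {("64.28.32.9", 80): ("192.168.0.8", 80), ("64.28.32.9", 25): ("192.168.0.8", 25)}

def inbound(acl_text, src, dst, dport, proto="tcp"):
    """Outside-to-inside: the inbound ACL is checked before the NAT lookup."""
    if not acl_permits(parse_acl(acl_text, 101), proto, src, dst, dport):
        return "dropped by ACL 101"
    return STATIC_NAT.get((dst, dport), "no static translation")

POSTED = "access-list 101 deny ip any any"  # as posted in the thread
# Constructed alternative (an assumption, not from the thread)
REVISED = """access-list 101 permit tcp any host 64.28.32.9 eq 80
access-list 101 permit tcp any host 64.28.32.9 eq 25
access-list 101 deny ip any any"""

if __name__ == "__main__":
    for acl in (POSTED, REVISED):
        print([inbound(acl, "203.0.113.7", "64.28.32.9", p) for p in (80, 25, 23)])
```

Note that the permit entries match the public address 64.28.32.9, not 192.168.0.8, because the ACL sees the packet before translation.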

New Member

Re: point traffic from outside to inside

I was stumped too, but it does work. I have no problems with inside machines getting out to the internet. Just can't seem to control the inbound port redirection.

New Member

Re: point traffic from outside to inside

I also noticed that you have applied an ACL 100 on Ethernet 1, but I don't see the ACL anywhere, which could be causing some traffic to be denied as well.

Good luck.

New Member

Re: point traffic from outside to inside

It won't work because you are using NAT and PAT at the same time. With Cisco IOS, you can either use PAT or use NAT. If you want to use both, you would have to use a different IP address for each. So choose another real IP address and do your static NAT. I will suggest NATting everything and then using an ACL to control what ports are allowed to the web server and mail server.

Good luck.

New Member

Re: point traffic from outside to inside

Hi

Thanks for the response.

In this case, we will have registered public IPs available for users who are currently using private IPs. We will use one of these IPs as a secondary address on the Ethernet port and advertise the public address obtained for the private users to the Internet. In this case, we do not use PAT. We use only NAT. Is this right?

New Member

Re: point traffic from outside to inside

Only one public IP on external interface. Everything else is private IP.

New Member

Re: point traffic from outside to inside

No, it is a range of IPs which will be a pool of addresses. In this case, we may have to overload in case the number of private IPs exceeds the number of public IPs available.
