Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

incoming traffic redirection

Hi,

I 'm planing to set up a configuration with SOHO 91 for remote users to access a web server (with private ip address) on my LAN. I have a single public IP for the router outside interface. The question is : can I set up a nat rule translating outgoing trafic with the public interface IP and incoming traffic to the public ip into the private server ip ?

Example :

interface ethernet 0

ip address A.B.C.D

ip nat inside

interface ethernet 1

ip address [public_ip]

ip nat outside

ip nat inside source static [server_ip] [public_ip]

Will this work ? In particular, can a remote user access my server using my public ip ?

Thank you for the help !

1 ACCEPTED SOLUTION

Accepted Solutions

Re: incoming traffic redirection

Hi

int eth 0

ip add 192.168.1.1 255.255.255.0

ip nat inside

int eth 1

ip add 10.0.0.1 255.0.0.0

ip nat outside

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable

ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0

ip nat inside source list 1 pool TEST overload

Regards

JD

4 REPLIES

Re: incoming traffic redirection

Yes, but you need to do the following:

ip nat inside source static tcp [server_ip] [L4_port] [public_ip] [L4_port]

The command says that any [L4_port] traffic that is destined to [public_ip] do an address translation to [server_ip] [L4_port]. Since you are accessing a web server it will be port 80 or http.

ip nat inside source static tcp [server_ip] 80 [public_ip] 80

Please rate all posts.

Re: incoming traffic redirection

Hi

int eth 0

ip add 192.168.1.1 255.255.255.0

ip nat inside

int eth 1

ip add 10.0.0.1 255.0.0.0

ip nat outside

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable

ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0

ip nat inside source list 1 pool TEST overload

Regards

JD

New Member

Re: incoming traffic redirection

OK.

Thank you all

New Member

Re: incoming traffic redirection

Hi,

My question is very similar so haven't created new thread.

What happens in the scenario where, as in Mathias's example, you have static inbound NAT, for example:

!

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 permit 192.168.10.0 0.0.0.255

!

ip nat inside source static tcp 192.168.10.11 10001 extendable

ip nat inside source static tcp 192.168.10.12 10002 extendable

ip nat inside source static tcp 192.168.10.13 10003 extendable

!

Is there a way of connecting to a.b.c.d via telnet, for management. The static NAT statements seem to have broken this. Is there a way of specifying a 'default' behaviour when specifying a port not mentioned above?

Also, what does the 'extendable' keyword mean exactly?

Thanks,

Mark

157
Views
0
Helpful
4
Replies