cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
571
Views
0
Helpful
9
Replies

NAT - Accessing Website Through Outside Interface

kyle.jones1
Level 1
Level 1

Hello,

 

I was hoping for some guidance from someone who can offer any. I am trying to get users to access devices through NAT from the inside using the external interface. I have tried a domainless NAT configuration as well but I am back to what I guess you'd call a more standard NAT as of now. I know DNS plays into this as well so thank you for your help. The windows domain is local.domain.com and main local network is 192.168.10.0. Users get primary DNS server through DHCP which is 192.168.10.2 with 8.8.8.8 as secondary. We are hosting our public website on 192.168.10.5 and we can access the website from the outside fine as I've updated the public DNS records to our ISP IP address and inside as well as long as I point clients to the local IP address. There has to be a way to access the webpage from the inside using the outside IP I would think. Also, concerning ACLs 110 and 111 would adding the statement: [ permit ip 192.168.10.0 0.0.0.255 any ] when assigning them to GigabitEthernet0/1 in keep traffic flowing normal? Would I just need to add it to one or both ACLs? If there is anything else in the configuration that looks off feel free to let me know. Thank you for your help.

 

9 Replies 9

Hello,

I am not clear on what you are asking. Your current configuration looks fine, and all your internal users should be able to access the public IP address of your website. Is that not the case ?

When you use the FQDN of the website, it will probably first always resolve to the local IP address.

Can you clarify your question ?

Right now in the local DNS (Windows server) I have an A record of www.ourdomain.com pointing to 192.168.10.5 and it works, but if I change that record to our public IP or just try to type the public IP into the address bar it will not load the website from the inside. When I type the public IP it asks me to log into the router through http. Everything loads with the website out of the building. Thanks for your assitance.

Hello,

ok, understood.

Try and change the static NAT entry:

ip nat inside source static tcp 192.168.10.5 80 interface GigabitEthernet0/1 80

to:

ip nat inside source static tcp 192.168.10.5 80 x.x.x.x 80 extendable

where x.x.x.x is the IP address of GigabitEthernet0/1.

I tried that and still no luck. I read somewhere that this isn't possible on my router but I do not know how accurate that is. I have a Cisco 1921 IOS router. It is still asking to login to the router through http when I try accesing the webpage using the public IP address.

Hello,

what is the public IP address of the web site ? I want to try and see if I can access it from the outside...

I wet back to domainless NAT again to see if it would work with the extendable added and still no luck.

 

All interfaces:

no ip nat inside/outside

ip nat enable on all

ip nat source list 1 interface GigabitEthernet0/1 overload

no ip nat insidce source list 1 GigabitEthernet0/1 overload

ip nat source static tcp 192.168.10.5 80 hidden 80 extendable

no ip nat inside source static tcp 192.168.10.5 80 hidden 80 extendable

So on and so on....

Hello,

when I type in the IP address, this is what I get:

https://okcgcc.com/

Can you try to change your NAT entry to use port 443 instead of 80 ?

Yeah, I have 443 in there as well. Could having all 3 (80,8080, and 443) be causing the issue?

Hello,

that could be an issue. Try one port (I can connect on 80 and 8080, both get me to https://okcgcc.com)...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco