Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT problem in router 831

Hello all,

I have a problem with NAT in my Cisco router 831. My network topology looks like this: I have a router 831, in ethernet 0 is connected my main switch (cisco 2950), in ethernet 1 is connect my isp modem, and in ethernet 2 (DMZ zone) is connected another 2950 switch, with a webserver connected to it.

When I access my router through SDM, I try to add an address translation rule (NAT, Edit NAT Configuration, Add), to be able to access the webserver from WAN. The IP of the webserver is 172.25.4.10/16. These are the entries when I add the rule to the NAT config:

NAT Static

Direction: from outside to inside

Outside interface: Ethernet 1

IP Address: ***.***.***.*** (my ISP address)

Inside interfaces: Ethernet0,Ethernet2

IP Address: 172.25.4.10 (webserver)

Redirect port(checked)

TCP(original port:80-translated port:80)

Now I click OK, and the problem occurs. The webserver is now unreachable. His IP Address is now 0.0.0.0 and I get this error in taskbar: LAN is unavailable. Windows cannot connect to a network at this time. Please update your network address.

When I try to force the NIC to use 172.25.4.10 in tcp-ip properties, it gets me the following error: The static IP address that was just configured is already in use on the network. Please reconfigure a different IP address.

It seems like the router is assigning the IP somewhere and I cannot use it anymore.

I made some research on this forum and on google, but I didn't found any answers to my problem. I recently upgraded my IOS to the latest version. Can anyone help me out on this please?

5 REPLIES
Silver

Re: NAT problem in router 831

This seems wrong.

How do you translate addresses of your network on ETH0?

I'm pretty usre that once you add addresses to the pool, it can no longer be used on router. You need to translate station's addresses, not the router's address.

You need to use PAT.

Re: NAT problem in router 831

Just for clarification, did you try to configure the same NAT using the IOS CLI?

Vlad

Bronze

Re: NAT problem in router 831

Hello,

I think the direction of the translation has to inside to outside.

The following line should appear in your configuration:

ip nat inside source static tcp 172.25.4.10 80 xxx.xxx.xxx.xxx 80 extendable

where xxx.xxx.xxx.xxx is the public IP address assigned to you by your provider. If that line does not exist in your configuration, try to add it manually by using the CLI.

Regards,

Nethelper

New Member

Re: NAT problem in router 831

Hello all,

Thx nethelper I will try this config!

I am starting with Cisco products, and I still have some interogations and confusions about DMZ with NAT and PAT. Can someone clear me up with these terms: Static NAT, Dynamic NAT, Pool NAT, NAT overload, extendable, PAT, etc.. and if it is prefered to work with NAT in SDM or CLI?

I will try that command in SDM and give you guys a follow-up!

Thanks.

New Member

Re: NAT problem in router 831

Hello,

it works perfectly now :)

As mentionned by Nethelper, I was wrong, I was doing a NAT Outside to Inside.

that line did make it work:

ip nat inside source static tcp 172.25.4.10 80 xxx.xxx.xxx.xxx 80 extendable

But I still don't understand why that is not the opposite (nat outside to inside, instead of nat inside to outside).

Thanks guys!

197
Views
0
Helpful
5
Replies
CreatePlease login to create content