Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
3
Replies

Web/FTP behind NAT

dhavaltandel
Level 1
Level 1

‎09-12-2006 05:37 AM - edited ‎03-03-2019 01:58 PM

Hello All

I have my web server as well ftp server as well DNS setup locally on private i paddress range eg.192.168.1.11...

I want to access my webserver from outside....

Domain has also been registered....

but following config dosent allowing me to do so...

if i connect directly web server to public ip address than i can browse my website from outside....

but if i put cisco 2621 with following it wont allow mw....

I have Cisco 2621 hardware with IOS version of 12.1 running as gateway.

Cisco 2621 is configured with

interface FastEthernet0/0

ip address xx.xx.xx.xx/24

ip nat outside

interface FastEthernet0/1

ip address 192.168.1.100

ip nat inside

ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0

ip nat inside source list 10 pool dhara overload

ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable

ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable

ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]

no ip http server

access-list 10 permit 192.168.1.0 0.0.0.255

Any busy has solution waiting for reply...

Thanks,

Dhaval Tandel

Labels:
0 Helpful
3 Replies 3

mheusinger
Level 10
Level 10

‎09-12-2006 05:58 AM

Hi,

can you post a "show ip nat translation" please?

According to "Configuring Static and Dynamic NAT Simultaneously"

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml or "Configuring Network Address Translation and Static Port Address Translation to Support an Internal Web Server"

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

your config should be fine, though it is recommended to use two IP addresses for that matter.

Can you try to modify your config in the following manner:

interface FastEthernet0/0

ip address xx.xx.xx.xx/24

ip nat outside

interface FastEthernet0/1

ip address 192.168.1.100

ip nat inside

ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0

ip nat inside source route-map NATmap pool dhara overload

ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable

ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable

ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]

no ip http server

route-map NATmap permit 10

match ip address 10

access-list 10 permit 192.168.1.0 0.0.0.255

Sometimes one approach works and the other does not (personal experience). Details on route-maps with NAT can f.e. be found in

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml#backinfo

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful

Wilson Samuel
Level 7
Level 7

‎09-12-2006 06:24 AM

Hi Dhaval,

May I request you to check the DNS A response and along with that, try to Telnet on port 80 on the Public IP Address.

You may use the www.network-tools.com website for the DNS queries and see if the problem is with the DNS or not.

Kind Regards,

Wilson Samuel

0 Helpful

dhavaltandel
Level 1
Level 1
In response to Wilson Samuel

‎09-12-2006 07:56 AM

Hello

I did try with above given config but no luck..

but if i try with my ip address from outside the network like http://xx.xx.xx.xx that it is working...

probably its DNS resolution problem... additionally i try with directly connecting web server with public ip address and it working too..

Thanks,

Dhaval Tandel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card