09-12-2006 05:37 AM - edited 03-03-2019 01:58 PM
Hello All
I have my web server as well ftp server as well DNS setup locally on private i paddress range eg.192.168.1.11...
I want to access my webserver from outside....
Domain has also been registered....
but following config dosent allowing me to do so...
if i connect directly web server to public ip address than i can browse my website from outside....
but if i put cisco 2621 with following it wont allow mw....
I have Cisco 2621 hardware with IOS version of 12.1 running as gateway.
Cisco 2621 is configured with
interface FastEthernet0/0
ip address xx.xx.xx.xx/24
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.100
ip nat inside
ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0
ip nat inside source list 10 pool dhara overload
ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable
ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]
no ip http server
access-list 10 permit 192.168.1.0 0.0.0.255
Any busy has solution waiting for reply...
Thanks,
Dhaval Tandel
09-12-2006 05:58 AM
Hi,
can you post a "show ip nat translation" please?
According to "Configuring Static and Dynamic NAT Simultaneously"
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml or "Configuring Network Address Translation and Static Port Address Translation to Support an Internal Web Server"
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml
your config should be fine, though it is recommended to use two IP addresses for that matter.
Can you try to modify your config in the following manner:
interface FastEthernet0/0
ip address xx.xx.xx.xx/24
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.100
ip nat inside
ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0
ip nat inside source route-map NATmap pool dhara overload
ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable
ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]
no ip http server
route-map NATmap permit 10
match ip address 10
access-list 10 permit 192.168.1.0 0.0.0.255
Sometimes one approach works and the other does not (personal experience). Details on route-maps with NAT can f.e. be found in
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml#backinfo
Hope this helps! Please rate all posts.
Regards, Martin
09-12-2006 06:24 AM
Hi Dhaval,
May I request you to check the DNS A response and along with that, try to Telnet on port 80 on the Public IP Address.
You may use the www.network-tools.com website for the DNS queries and see if the problem is with the DNS or not.
Kind Regards,
Wilson Samuel
09-12-2006 07:56 AM
Hello
I did try with above given config but no luck..
but if i try with my ip address from outside the network like http://xx.xx.xx.xx that it is working...
probably its DNS resolution problem... additionally i try with directly connecting web server with public ip address and it working too..
Thanks,
Dhaval Tandel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: