Cisco Nat Statements

Status
Not open for further replies.

flopeedo

Programmer
Sep 30, 2011
23
US
I am having an issue configuring an inside-to-inside NAT on a Cisco 2901.

On the inside is one webserver: Example 192.168.75.3

For discussion, let's say the outside IP address is 1.2.3.4

I have created my NAT statements to allow port 80 to translate to the public IP.

Now, this all works great if we come from the outside; both and work without a hitch.

But, if a client tries to connect from the inside to or nothing happens.
Page cannot be displayed.

Config below:

interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip virtual-reassembly in
ip policy route-map vpn
!
!
interface GigabitEthernet0/0
ip address 1.2.3.4 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface GigabitEthernet0/1
ip address 192.168.75.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
!
!
ip local pool SDM_POOL_1 172.16.2.50 172.16.2.99
ip forward-protocol nd
!
!
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.75.3 80 1.2.3.4 80 extendable
ip route 0.0.0.0 0.0.0.0 1.2.3.5
ip route 172.16.2.0 255.255.255.0 Loopback0

!
ip access-list extended NAT
remark SDM_ACL Catergory=2
deny ip 192.168.75.0 0.0.0.255 172.16.2.0 0.0.0.255
permit ip any any
ip access-list extended VPN
remark SDM_ACL Category=4
permit ip 192.168.75.0 0.0.0.255 any
!
access-list 150 permit ip host 1.1.1.1 172.16.2.0 0.0.0.255
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address NAT
!
route-map vpn permit 10
match ip address 150
set ip default next-hop 1.2.3.5


Any help is greatly appreciated.
 
If I understand NAT correctly, coming from the inside and trying to reach won't work. You will need to access the internal address.

From an internal client (on the 192.168.75.x network), can you ping the internal IP address of the webserver? (Make sure the webserver is configured to respond to ICMP packets.)
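
A simplified model of the interface-direction NAT in the posted config, showing why the static port-80 entry matches from the outside but is never consulted for a packet that arrives on the inside interface. This is an added example, not part of the thread and not Cisco code; the order of operations it encodes and the client and Internet addresses are assumptions, and the VPN pool and route-maps are left out.

```python
from dataclasses import dataclass, replace

# Addresses below come from the posted config.
ROUTER_OUTSIDE_IP = "1.2.3.4"          # GigabitEthernet0/0, ip nat outside
INSIDE_PREFIX = "192.168.75."          # GigabitEthernet0/1, ip nat inside
# ip nat inside source static tcp 192.168.75.3 80 1.2.3.4 80
STATIC_NAT = {("1.2.3.4", 80): ("192.168.75.3", 80)}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def route(dst):
    """Simplified routing: router's own address, connected inside /24, else default."""
    if dst == ROUTER_OUTSIDE_IP:
        return "router"
    return "inside" if dst.startswith(INSIDE_PREFIX) else "outside"


def forward(pkt, ingress):
    """Return (packet after NAT, where it is delivered) for one packet."""
    if ingress == "outside":
        # Outside-to-inside: the destination is translated first, then routed.
        hit = STATIC_NAT.get((pkt.dst, pkt.dport))
        if hit:
            pkt = replace(pkt, dst=hit[0], dport=hit[1])
        return pkt, route(pkt.dst)
    # Inside ingress: routing runs first; NAT only applies if the packet
    # then leaves through the outside interface.
    egress = route(pkt.dst)
    if egress == "outside":
        pkt = replace(pkt, src=ROUTER_OUTSIDE_IP)  # overload to the interface IP
    return pkt, egress


def demo():
    # Constructed sample traffic (client and Internet hosts are made up).
    cases = [("outside", Packet("203.0.113.10", "1.2.3.4", 80)),
             ("inside", Packet("192.168.75.20", "1.2.3.4", 80)),
             ("inside", Packet("192.168.75.20", "198.51.100.7", 443))]
    return [forward(p, ingress) for ingress, p in cases]


if __name__ == "__main__":
    for pkt, delivered_to in demo():
        print(delivered_to, pkt)
```

In this model the second case is the inside client from the question: the packet terminates on the router with its destination untranslated, so the web server never sees it.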
 
I also met this problem. Static NAT works fine: outside users can use the global IP to access the web server, but internal users can't reach the internal server by the global IP.
 
- What is the range of your internal network?
- What interface is said internal network connected to (coming in from)?
- What interface is your webserver connected to?
- What is the error message you are getting when trying to connect to the webserver from inside?

Your inside routing has nothing to do w/ NAT ...



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 