dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
645
share rss forum feed


Heifinator

@mchsi.com

[HELP] Cisco 1800 1-1 NAT Problems...

Basically I have a server behind my cisco router and I cannot for the life of me get access to it via 1-1 natting off a static IP.

Here is the setup and cisco config with static ips changed.

ISP provided me with a cable modem and a 255.255.255.248 subnet of public IP's (50.50.50.225 - .230)

(.225 is the modem)

The server in question is on FE6 (Vlan2) 192.168.2.5. I can access the server locally from either vlan as well as access the internet from either vlan.

»pastebin.com/gRbjEqcB

Any help is GREATLY appreciated. I am just learning cisco and this is killing me!

HELLFIRE
Premium
join:2009-11-25
kudos:18
Simplest way to do what you want to do would be to change this line

ip nat inside source static tcp 192.168.2.5 80 50.50.50.228 80 extendable
 

to this

ip nat inside source static tcp 192.168.2.5 80 int fastethernet0 80 extendable
 

Other option to bypass changing your config would be to address your servers with said public IP.

Regards


Heifinator

@mchsi.com
I really need to keep this server behind A NAT.

When I go to an outside connection and try browsing to the 50.50.50.228:80 (which I can do locally no problem) It obviously doesnt work... But I get something odd on my ip nat trans table.

I get an inside global of 50.50.50.228:80 and a inside local of 192.168.2.5 but I get no outside local and no outside local address. They are just blank.

Also my ARP table shows the mac for 50.50.50.228 as the FE0 (WAN) mac always, even if I change to a different IP on the range and change the static route to .229, the .229 address then shows arp mac of FE0 (WAN).

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Heifinator
said by Heifinator :

I really need to keep this server behind A NAT.

Then try the fix I gave you.

said by Heifinator :

I get an inside global of 50.50.50.228:80 and a inside local of 192.168.2.5 but I get no outside local and no outside local address. They are just blank.

Because from a routing perspective, right now neither your router nor the ISP's .225 host
know how to get (back) to the 50.50.50.228 address. Question for you, do you know how your
ISP routes to your /21 block? Static routes? Dynamic routing protocol?

Regards