Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT - external interface question

Status
Not open for further replies.
grundy

grundy

Technical User
Joined
Apr 12, 2003
Messages
146
Location
US
We have our cisco router doing DHCP and performing NAT. We are not doing internal DNS.

We run internal mail, web & ftp. With our old router when we went to resolve mail.domain.com it would come back and reply with the external ip but allow us to connect.

With the cisco it resolves to the external IP but won't connect back in. It leaves OK but doesn't enter back through the router.

Another example is from inside the network I can't browse to our external IP and see our webserver.

Any ideas on how or what is different with Cisco's nat?
 
Sort by date Sort by votes
Would it work if I just do a

ip nat source static tcp EXTERNAL IP to INTERNAL IP?

 
Upvote 0 Downvote
HOw many public IP addresses do you have? If you have numerous IP's and one of them is only dedicated to mail, then you can do a static nat.
However, if you only have one public IP (which I'm suspecting you have), then you'll need to put in some other statements.
 
Upvote 0 Downvote
Also, for static NAT, you need the inside or outside keyword after the word "nat". The thing I believe you want is
ip nat inside source static tcp INSIDE SERVER ADDRESS PORT number int OUTSIDE INTERFACE PORT NUMBER
like this...say my ftp server is 10.0.0.8, and the interface facing the cold and cruel world is interface dialer 1...
router(config)#ip nat inside source static tcp 10.0.0.8 21 int di1 21
Like that. This I believe is all I can say without you posting a config. Hope this helps.

Burt
 
Upvote 0 Downvote
Right now I have

ip nat inside source static tcp 192.168.100.49 80 1.2.3.4 80 extendable

So all I need to do is change the external IP to int Serial1/0?
 
Upvote 0 Downvote
You can do either way (ip or interface name) but, you'll need to add a another line for each service that you are running. Right now that config is showing that you have port 80 ( so you'll need to add lines for ftp and/or mail.
 
Upvote 0 Downvote
I have all those lines, what's not working is from inside the network going to the external interface

1.2.3.4 doesn't load up.

 
Upvote 0 Downvote
1.2.3.4 doesn't load up from what? Inside the network? I'm lost.

Burt
 
Upvote 0 Downvote
Correct, from the internal network I enter the external IP and can't get anything to resolve. (for example the webserver)
 
Upvote 0 Downvote
Well, if you mean like like when you ping it from a pc? I'm not sure why you would want to put in the public IP adress for a server that's on the inside of your network...that is where I am confused. Only thing I can suggest without seeing a config is try
router(config)#ip domain lookup
Please post a show run.

Burt
 
Upvote 0 Downvote
I'm confused too... Without seeing your running config, there's no way we can really help you. If you do post it, just omit all of the important stuff (IP's, usernames) with X's.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
410
badwolf1686
B
PThomp3344
  • Locked
  • Question Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
691
nt8d09
nt8d09
Zero6
  • Locked
  • Question Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
510
Zero6
Zero6
dchapman00
  • Locked
  • Question Question
Cisco 7961 external busy lamp
Replies
0
Views
205
dchapman00
dchapman00
Mogles49
  • Locked
  • Question Question
Firewall ACL question
Replies
1
Views
358
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top