«

Hello,

I am new to Cisco and am having mild difficulties. I have a internal ip
(192.168.1.x) and an external network (172.16.32.x).

I have a web server in the 192.168.1.x network that is up and running.
I setup nat so that the computers in 172.16.32.x can access the web
server. That works fine. The problem I am having is that no one on the
internal network (192.168.1.x) can access the webserver from the
external IP address (172.16.32.10).

ASCII Diagram

[HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0 172.16.32.10]
| ------ [172.16.32.x]

So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
they get nothing. They can ping it, but that is all.

Any help would be wonderful!

Thanks
Robert

<> wrote in message
news: ups.com...
> Hello,
>
> I am new to Cisco and am having mild difficulties. I have a internal ip
> (192.168.1.x) and an external network (172.16.32.x).
>
> I have a web server in the 192.168.1.x network that is up and running.
> I setup nat so that the computers in 172.16.32.x can access the web
> server. That works fine. The problem I am having is that no one on the
> internal network (192.168.1.x) can access the webserver from the
> external IP address (172.16.32.10).
>
> ASCII Diagram
>
> [HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0 172.16.32.10]
> | ------ [172.16.32.x]
>
> So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
> they get nothing. They can ping it, but that is all.
>
> Any help would be wonderful!
>
> Thanks
> Robert
>

If you're having hosts in the same subnet as the web server (192.168.1.x)
access the web server on its external address (172.16.32.10) you need to be
natting the source address of the clients so the web server replies to that
address and doesn't reply directly back to the clients. Clients expect
traffic to come from "172.16.32.10".

BernieM

Here is what I have in my NAT:

Vlan1
inside = 192.168.1.1

FE0
outside = 172.16.32.10

ip nat inside source list 1 interface FastEthernet0 Overload
ip nat inside source static tcp 192.168.1.100 80 interface
fastethernet0 80

What else would I need ?

Thanks again.

BernieM wrote:
> <> wrote in message
> news: ups.com...
> > Hello,
> >
> > I am new to Cisco and am having mild difficulties. I have a internal ip
> > (192.168.1.x) and an external network (172.16.32.x).
> >
> > I have a web server in the 192.168.1.x network that is up and running.
> > I setup nat so that the computers in 172.16.32.x can access the web
> > server. That works fine. The problem I am having is that no one on the
> > internal network (192.168.1.x) can access the webserver from the
> > external IP address (172.16.32.10).
> >
> > ASCII Diagram
> >
> > [HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0 172.16.32.10]
> > | ------ [172.16.32.x]
> >
> > So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
> > they get nothing. They can ping it, but that is all.
> >
> > Any help would be wonderful!
> >
> > Thanks
> > Robert
> >
>
> If you're having hosts in the same subnet as the web server (192.168.1.x)
> access the web server on its external address (172.16.32.10) you need to be
> natting the source address of the clients so the web server replies to that
> address and doesn't reply directly back to the clients. Clients expect
> traffic to come from "172.16.32.10".
>
> BernieM

>> <> wrote in message
>> news: ups.com...
>> > Hello,
>> >
>> > I am new to Cisco and am having mild difficulties. I have a internal ip
>> > (192.168.1.x) and an external network (172.16.32.x).
>> >
>> > I have a web server in the 192.168.1.x network that is up and running.
>> > I setup nat so that the computers in 172.16.32.x can access the web
>> > server. That works fine. The problem I am having is that no one on the
>> > internal network (192.168.1.x) can access the webserver from the
>> > external IP address (172.16.32.10).
>> >
>> > ASCII Diagram
>> >
>> > [HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0 172.16.32.10]
>> > | ------ [172.16.32.x]
>> >
>> > So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
>> > they get nothing. They can ping it, but that is all.
>> >
>> > Any help would be wonderful!
>> >
>> > Thanks
>> > Robert
>> >
>>
> BernieM wrote:
>> If you're having hosts in the same subnet as the web server (192.168.1.x)
>> access the web server on its external address (172.16.32.10) you need to
>> be
>> natting the source address of the clients so the web server replies to
>> that
>> address and doesn't reply directly back to the clients. Clients expect
>> traffic to come from "172.16.32.10".
>>
>> BernieM

>
<> wrote in message
news: oups.com...
> Here is what I have in my NAT:
>
> Vlan1
> inside = 192.168.1.1
>
> FE0
> outside = 172.16.32.10
>
> ip nat inside source list 1 interface FastEthernet0 Overload
> ip nat inside source static tcp 192.168.1.100 80 interface
> fastethernet0 80
>
> What else would I need ?
>
> Thanks again.
>

I don't think you can do it because you can't configure an interface as both
'nat inside' and 'nat outside' it has to be one or the other. Clients in
the same subnet at the server need to use the servers real adddress.

BernieM

"BernieM" <> wrote in message
news:4bHIg.19452$...
>
>>> <> wrote in message
>>> news: ups.com...
>>> > Hello,
>>> >
>>> > I am new to Cisco and am having mild difficulties. I have a internal
>>> > ip
>>> > (192.168.1.x) and an external network (172.16.32.x).
>>> >
>>> > I have a web server in the 192.168.1.x network that is up and running.
>>> > I setup nat so that the computers in 172.16.32.x can access the web
>>> > server. That works fine. The problem I am having is that no one on the
>>> > internal network (192.168.1.x) can access the webserver from the
>>> > external IP address (172.16.32.10).
>>> >
>>> > ASCII Diagram
>>> >
>>> > [HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0
>>> > 172.16.32.10]
>>> > | ------ [172.16.32.x]
>>> >
>>> > So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
>>> > they get nothing. They can ping it, but that is all.
>>> >
>>> > Any help would be wonderful!
>>> >
>>> > Thanks
>>> > Robert
>>> >
>>>
>> BernieM wrote:
>>> If you're having hosts in the same subnet as the web server
>>> (192.168.1.x)
>>> access the web server on its external address (172.16.32.10) you need to
>>> be
>>> natting the source address of the clients so the web server replies to
>>> that
>>> address and doesn't reply directly back to the clients. Clients expect
>>> traffic to come from "172.16.32.10".
>>>
>>> BernieM
>
>>
> <> wrote in message
> news: oups.com...
>> Here is what I have in my NAT:
>>
>> Vlan1
>> inside = 192.168.1.1
>>
>> FE0
>> outside = 172.16.32.10
>>
>> ip nat inside source list 1 interface FastEthernet0 Overload
>> ip nat inside source static tcp 192.168.1.100 80 interface
>> fastethernet0 80
>>
>> What else would I need ?
>>
>> Thanks again.
>>
>
> I don't think you can do it because you can't configure an interface as
> both 'nat inside' and 'nat outside' it has to be one or the other.
> Clients in the same subnet at the server need to use the servers real
> adddress.
>
> BernieM
>

But keep thinking, as you could do it using another device doing the
natting. Like a Radware ASD ...
http://www.radware.com/content/solut...nd/default.asp