Internal Web Server with cisco 1841 problem

Discussion in 'Cisco' started by robertm, Aug 26, 2006.

  1. robertm

    robertm Guest

    Hello,

    I am new to Cisco and am having mild difficulties. I have a internal ip
    (192.168.1.x) and an external network (172.16.32.x).

    I have a web server in the 192.168.1.x network that is up and running.
    I setup nat so that the computers in 172.16.32.x can access the web
    server. That works fine. The problem I am having is that no one on the
    internal network (192.168.1.x) can access the webserver from the
    external IP address (172.16.32.10).

    ASCII Diagram

    [HTTP SERV 192.168.1.100] ------| [FE1 192.168.1.1] [FE0 172.16.32.10]
    | ------ [172.16.32.x]

    So if a computer say 192.168.1.15 points a web browser to 172.16.32.10
    they get nothing. They can ping it, but that is all.

    Any help would be wonderful!

    Thanks
    Robert
     
    robertm, Aug 26, 2006
    #1
    1. Advertisements

  2. robertm

    BernieM Guest

    If you're having hosts in the same subnet as the web server (192.168.1.x)
    access the web server on its external address (172.16.32.10) you need to be
    natting the source address of the clients so the web server replies to that
    address and doesn't reply directly back to the clients. Clients expect
    traffic to come from "172.16.32.10".

    BernieM
     
    BernieM, Aug 26, 2006
    #2
    1. Advertisements

  3. robertm

    robertm Guest

    Here is what I have in my NAT:

    Vlan1
    inside = 192.168.1.1

    FE0
    outside = 172.16.32.10

    ip nat inside source list 1 interface FastEthernet0 Overload
    ip nat inside source static tcp 192.168.1.100 80 interface
    fastethernet0 80

    What else would I need ?

    Thanks again.
     
    robertm, Aug 28, 2006
    #3
  4. robertm

    BernieM Guest

    I don't think you can do it because you can't configure an interface as both
    'nat inside' and 'nat outside' it has to be one or the other. Clients in
    the same subnet at the server need to use the servers real adddress.

    BernieM
     
    BernieM, Aug 28, 2006
    #4
  5. robertm

    BernieM Guest

    But keep thinking, as you could do it using another device doing the
    natting. Like a Radware ASD ...
    http://www.radware.com/content/solutions/application_front_end/default.asp
     
    BernieM, Aug 28, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.