NAT: allow access to internal web site

Posted: July 26, 2015 in CISCO

In this article we'll simulate external access to our web site, which is hosted on the internal network.

When a client on the internet types 10.10.10.2 into a web browser (or a hostname associated with that address), he/she will be redirected to the web site hosted on the web server with IP 192.168.5.10.

In this article I described NAT terminology, so I won't describe the following commands:

Configure R2 s2/0 interface as nat outside and f0/0 as nat inside:

R2#
R2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config-if)#int s2/0
R2(config-if)#ip nat outside

R2(config-if)#int f0/0
R2(config-if)#ip nat inside

Add a default route to the “Internet” and enable NAT debugging:

R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
R2(config)#do deb
R2(config)#do debug ip nat
IP NAT debugging is on

Configure static NAT so that 192.168.5.10 (the web server's private IP address) appears as 10.10.10.2 (the public address of R2's s2/0 interface) when its traffic goes out to the “Internet”, and so that traffic arriving from outside for 10.10.10.2 (public IP) is translated to 192.168.5.10:

R2(config)#ip nat inside source static 192.168.5.10 10.10.10.2

Now switch to R1 and configure a default static route (to ping from the internet to R2 and from R2 to the internet):

R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2

On the client, add an entry to the hosts file to map mysite.com to the 10.10.10.2 IP address (R2 s2/0 interface):

Open a web browser and access the web site:

R2(config)#
*Mar  1 02:26:24.687: NAT*: s=192.168.81.10, d=10.10.10.2->192.168.5.10 [17032]

As you can see, the request from the client (192.168.81.10) is destined for 10.10.10.2 (R2’s s2/0 interface) and is forwarded to 192.168.5.10 (the web server’s IP address).
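A one-to-one static entry like the one above translates every protocol and port sent to 10.10.10.2, not only HTTP. The following is an added example, not part of the original post: a narrower variant for R2 that publishes only TCP/80 and filters the outside interface. It uses the classic `ip nat inside source` form that matches the `ip nat inside` / `ip nat outside` interface roles; the ACL name OUTSIDE-IN is an assumption.

```cisco
! Added example for R2 (not from the original post).
! Addresses and interfaces are the article's; the ACL name is hypothetical.
!
! First remove the one-to-one static entry by negating the command
! exactly as it was entered ("no ..."). While it exists, any service
! listening on 192.168.5.10 is reachable through 10.10.10.2.
!
! Publish only the web port: TCP/80 on the public address maps to
! TCP/80 on the web server. Nothing else is translated inbound.
ip nat inside source static tcp 192.168.5.10 80 10.10.10.2 80
!
! Inbound filter on the outside interface. IOS evaluates an inbound
! ACL before outside-to-inside NAT, so the rules match the public
! address 10.10.10.2, not 192.168.5.10.
ip access-list extended OUTSIDE-IN
 remark web site published through static NAT
 permit tcp any host 10.10.10.2 eq www
 remark keep the lab pings between R1 and R2 working
 permit icmp any host 10.10.10.2 echo
 permit icmp any host 10.10.10.2 echo-reply
 remark everything else is dropped and logged
 deny   ip any any log
!
interface Serial2/0
 ip access-group OUTSIDE-IN in
!
! Verification from privileged EXEC:
!   show ip nat translations       -> expect a single tcp entry,
!                                     10.10.10.2:80 <-> 192.168.5.10:80
!   show access-lists OUTSIDE-IN   -> hit counters per rule; matches on
!                                     the deny line are unsolicited
!                                     traffic aimed at the public address
```

With this in place the `debug ip nat` line shown earlier still appears for browser requests, while traffic to other ports on 10.10.10.2 is counted against the final deny rule instead of reaching the web server.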
