NAT-allow access to internal web site

Posted: July 26, 2015 in CISCO

In this article we’ll simulate external access to our web site hosted on internal network


When client from the internet type in web browser (or hostname associated with that address),he/she will be redirected to web site hosted on web server with IP

In this article i described NAT terminology so i won’t desribe following commands:

Configure R2 s2/0 interface as nat outside and f0/0 as nat inside:

R2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config-if)#int s2/0
R2(config-if)#ip nat outside

R2(config-if)#int f0/0
R2(config-if)#ip nat inside

Add default route to the “Internet”: and enable nat debugging:

R2(config)#ip route
R2(config)#do deb
R2(config)#do debug ip nat
IP NAT debugging is on

Configure Static NAT to translate (Private IP address of Web Server) as it originates from the “Internet” ( R2 s2/0 interface) and to translate  the outside IP address of the Web server  from (public IP) to

R2(config)#ip nat source static

Switch now to R1 to configure default static route (to ping from internet to R2 and from R2 to internet)

R1(config)#ip route

On client,add entry in host file to map to IP address (R2 s2/0 interface):


Open web browser and access web site:


*Mar  1 02:26:24.687: NAT*: s=, d=> [                                17032]

As you can see,request from client ( is destined to (R2’s s2/0 interface) and it’s forwarded to (Web server’s IP address)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s