NAT Inside Connection
Christopher Dobkowski
Member Posts: 98
in CCNA & CCENT
I have a big dilemma regarding NAT. Well, let's say you have 2 separate networks, and the gateway routers are connected over Frame Relay. On those routers we set NAT overload, so when we get to the public network, we get a public IP. Everything good and everything cool. But let's say that we want to ping or access an HTTP server that is located in network 1 from network 2.
Since networks 1 & 2 are going out with their public addresses, how am I supposed to access that server or ping it? What IP? Public? Private? I am sitting for the CCNA tomorrow; is it a shame I don't know that?
Thanks!
Comments
Iristheangel
Mod Posts: 4,133
Draw me a network diagram of it showing me where the server is located, how the two networks are connected, and where NAT is applied. I'll guide you in the right direction.
Typically, if you have an HTTP server on a private network, you might want to try one-to-one mapping for the actual HTTP server, but let's take a look at the topology first.
It's not a shame you don't know that. The CCNA is an entry-level certification that is supposed to allow you to have a foundational knowledge of routing and switch theory and the ability to configure basic instructions on networking equipment. It is not a troubleshooting exam - you learn that in the wild.

Christopher Dobkowski
Member Posts: 98
OK, I just did a quick one in Visio. The scenario is more dense in routers and switches inside the networks, and there is a network beneath that I just left out, because it's irrelevant. I want to ping or access the server placed on Network A from a host PC located on Network B... I'm using NAT overload. Can I access the server? If yes, on what IP? Or if not, that means I need to do one-to-one translation, right? Thank you!
Cheers!

Iristheangel
Mod Posts: 4,133
Thanks for the Visio! Perfect!
You'll need another public IP address, but this is generally how you do it: Configuring Static and Dynamic NAT Simultaneously - Cisco Systems
Basically, the outside interface of the router in Network A will have two public IP addresses. One will be for one-to-one mapping with the web server and the other one will be used for regular NAT overload. When the router knows this, it'll translate all the private IPs using PAT, and for the web server, it'll statically translate the IP address for that specific device to the IP address you specified. That'll allow you to communicate with it from Network B. If you want to limit access to the web server from other IP addresses except that of Network B, that's another story (ACLs).
Anyways, hope that helped, and feel free to ask any other questions.

Christopher Dobkowski
Member Posts: 98
Whoa! No need to thank me, you're the one helping here.
That's just perfect! That explains everything, so I basically just need to combine PAT with a single one-to-one translation. Two addresses. Mhmm, great! You cleared the clouds!
ACLs; I just love to be the King
Thanks again! Cheers

Christopher Dobkowski
Member Posts: 98
Iristheangel wrote: » No problemo. Good luck on your exam tomorrow
Thanks, will need it!

atorven
Member Posts: 319
You can also do this with your single public address; you just need to create a static mapping of your internal address to your external address on the relevant port, in your case port 80. Good luck with your exam.

Iristheangel
Mod Posts: 4,133
Yes, he can do that as well, but that's usually outside the scope of CCNA-level. OP, if you're interested in doing that, here's the Cisco document that lays it out: Configuring Network Address Translation and Static Port Address Translation to Support an Internal Web Server - Cisco Systems
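
Added example, not written by any poster in the thread and not taken from the linked Cisco documents: a Cisco IOS configuration for the Network A router that combines PAT with one static one-to-one translation and an inbound ACL limiting the published server to Network B. All addresses (documentation ranges), the interface names and the ACL name WEB-IN are assumptions made for illustration.

```cisco
! Constructed example for the Network A router. Addresses are documentation
! ranges; interface names and the ACL name are assumptions.
!   192.168.1.0/24  Network A inside LAN, web server at 192.168.1.10
!   203.0.113.10    public address on the outside interface (used for PAT)
!   203.0.113.11    second public address, assumed to be routed to this router
!   198.51.100.2    public address Network B hosts appear as after their own PAT
!
interface FastEthernet0/0
 description Inside LAN (Network A)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description Outside link
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
 ip access-group WEB-IN in
!
! PAT (NAT overload): every inside host shares the outside interface address.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Serial0/0 overload
!
! One-to-one static translation for the web server. A static entry exposes
! every port of the server on 203.0.113.11, so it is paired with the ACL below.
ip nat inside source static 192.168.1.10 203.0.113.11
!
! Inbound ACLs are evaluated before outside-to-inside translation, so the
! entries match the public (inside global) address, not 192.168.1.10.
ip access-list extended WEB-IN
 permit tcp host 198.51.100.2 host 203.0.113.11 eq www
 permit icmp host 198.51.100.2 host 203.0.113.11 echo
 ! Replies to TCP sessions the server itself opened
 permit tcp any host 203.0.113.11 established
 deny   ip any host 203.0.113.11
 ! Leave return traffic for the PAT hosts untouched
 permit ip any any
!
! Single-address alternative (static port translation, port 80 only):
! replace the static line above with
!   ip nat inside source static tcp 192.168.1.10 80 interface Serial0/0 80
! and change 203.0.113.11 to 203.0.113.10 in the first WEB-IN entry.
```

After applying it, `show ip nat translations` lists the static entry permanently and the PAT entries as inside hosts open sessions. A host in Network B reaches the server at the public address 203.0.113.11, never at 192.168.1.10.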