microbolt
asked on
Address Public IP internally CISCO SOHO 91
What I'm needing to do is to be able to address my Public IP from my internal clients. I have a Cisco SOHO 91 router and I have the Public IP assigned to Ethernet1 and my Private IP assigned to Ethernet0. I am able to ping my Public IP but am unable to connect to mail or http or any other service running on my server using the Public IP. Here is my current config (where a.b.c.d is my Public IP):
Using 2603 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging queue-limit 100
clock timezone CST -6
ip subnet-zero
!
!
!
!
!
!
!
!
!
interface Ethernet0
description Interal LAN
ip address 192.168.2.252 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
description Internet
ip address a.b.c.d 255.255.255.0
ip nat outside
duplex auto
no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.2.1 25 a.b.c.d 25 extendable
ip nat inside source static tcp 192.168.2.1 21 a.b.c.d 21 extendable
ip nat inside source static tcp 192.168.2.1 80 a.b.c.d 80 extendable
ip nat inside source static tcp 192.168.2.1 443 a.b.c.d 443 extendable
ip nat inside source static tcp 192.168.2.2 53 a.b.c.d 53 extendable
ip nat inside source static udp 192.168.2.1 7777 a.b.c.d 7777 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.254
no ip http server
no ip http secure-server
!
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
line con 0
exec-timeout 120 0
no modem e
no modem e
line aux 0
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end
ASKER
Yep, all of my PCs have that as their gateway, and I can access any other IP without any problems. I think that maybe the Cisco router is blocking me from going "out and back in", maybe as some kind of spoof protection. Currently my Cisco router is set up for NAT and I have a number of ports I have mapped internally to a server located at 192.168.2.1 (like port 80, 21, etc.). My goal is to be able to address my public IP from one of my internal PCs and access a resource located on my private server at 192.168.2.1.
Make sure that your servers and PC's are all pointing to the router's Ethernet address - 192.168.2.252 as their default gateway...