• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 327
  • Last Modified:

port 80 not working trough nat


we have a network from, where the router have a connection trough point to point connection to another network of a different company where it connects to their network trough the ip and in the other en is the
so in the other network they have one more router where it connects to their internal network to the network 10.20.x.x, and they have made a nat to port 80 where if I put the IP it should connect to their webserver.
But the problem is when I try to connect to port 80 it doesnt connects, but I can ping both ip addresses the and the 10.20.x.x

I tried to understand what can be the problem as if I put a router that is not connected to my network I can open the website trough port 80, but when I put the connection trough the network I cant open it...

Please help as I dont have more clues...By the way the hardware of routers is CISCO.

  • 2
  • 2
1 Solution
You have a double NAT there.  It is quite easy to loose data if they are not set up correctly.

The first step would be to test each half.
Put a machine in their network on the 10.10.120.X network and see if you can get to the machine from there.
Then turn on a web server on that machine and see if you can access it from your network.
You might have to adjust their NAT to point to your new server instead of their one.

You can also check the routing back again by pinging from the web server back to your network.
britholAuthor Commented:
When we put a machin in the network I can reach their webserver with no problem...
But when we go and put it in our network it simple dont work...

Can it be that their have a similar internal network like ours 192.168.x.x?
Yes..  if your network is 192.168.x.x and they have a local 192.168.x.x network, the problem is that return traffic from the server is going to return to THEIR 192 network, because the source address isn't changed in your request to their server.

There are several different ways to fix it, but I'm not sure we have enough detail of your network, and the one  you're connecting to, to really be helpful..  The short version is that to not do any more complicated NAT configuration, there has to be a route to get from their web server all the way back to your machine, with all the routers along the way not having a route to a different network with the same address.  This means that perhaps if you could get a network number that they're not using, and you could use that network, and they could inject a route to you into their routing protocol (or use static routes if it's small) then you could get it to work that way, otherwise you're probably going to have to do some source address NATting..
britholAuthor Commented:
wich details you need?
The problem is, you're likely going to have to interface with the IT support of the other company, so dictating to them how to change their network, is probably not going to go over very well (unless you have a really good relationship with them, or they have common ownership, etc..)..  

I assume since you're trying to use THEIR webserver, that you're the "customer" in this relationship, so probably the best thing to do would be to see if they have any other way to help you configure this, given that we're "pretty sure" that the traffic is probably getting to their webserver, but then the return traffic is going to the other 192.168 network.  Otherwise, I feel like anything I might suggest to you to do would be designed to "get around" their network design, and then later, if they change something inside their network, it might break your access again..

Taking a step back for a second, I have to wonder why in the first place, you're doing NAT over this point to point network..  If you're connecting a network using private addressing to another company using private addressing, you dont have to do NAT at all - you can just route directly.  I am assuming that you're doing the NAT specifically because you have overlapping network numbers in some places, which as you see in your example, isn't completely solved by a standard destination nat..

One other suggestion you could make to them is to make their server available via the Internet, rather than over this point to point link, in which case you'd be accessing a REAL routable IP from your real routable IP, and they could protect/limit the access to ONLY allow traffic from your one IP address if security is a concern.

If you still want to try a solution that you alone can implement only on your side, then it would be helpful to know all the IP ranges used in both companies, and maybe a router config wherever you can get one.. at least from the router on your side that touches their network.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now