Have a question or want to start a discussion? Post it! No Registration Necessary. Now with pictures!
May 20, 2008, 10:41 am
rate this thread
Re: HTTP server
Forget "ip http server". That means that you are enabling the router to
provide a web page interface for administration. It has nothing to do with
what you are doing and should be disabled to maintain good security.
You are correct, in order to have NAT enabled you must have both an "ip nat
outside" and an "ip nat inside". You must also additionally create an
access-list, perhaps a standard IP access-list, to specify the range of
hosts which can use NAT and what external/global IP address to use in NAT.
Add this global configuration command after creating an access-list (I used
101 as an example):
ip nat inside source list 101 interface Ethernet0 overload
Now that NAT is running, you must make a static translation for certian
traffic coming in from the outside to be redirected to your inside host. In
my example, I specified that HTTP traffic, also known as TCP port 80, is
redirected to my example server of 192.168.1.5. Since the ourside router
interface is using DHCP, I left the external/global IP address out and
instead specified the interface:
ip nat inside source static tcp 192.168.1.5 80 interface Ethernet0 80
This is how you enable NAT on a router:
specify an access-list for the range of hosts to use NAT
enter "ip nat inside" and "ip nat outside" on the appropriate interfaces
enter the IP NAT command to bind the access-list of inside hosts and the
(optional) put any inbound TCP/UDP port translations in place to redirect
inbound traffic to an inside server
- » Multiple Jobs Corp - Corp. Windows Data Access Management - Information Security &...
- — Newest thread in » Cisco Certification