From the network topology, we have a web server that has been assigned a private IP address for security reasons.
The task is to configure router A to statically allow access to the web server on port 80 for all in-coming traffics to the public IP assigned to the router. In this demonstration, out ISP assigned public IP is 192.168.2.1 while the web server’s privately assigned IP is 192.168.1.3
Our goal is to configure static NAT on the router in such a way that http requests to 192.168.2.1 from host B or any other host on the internet will be redirected to the web server. This will ensure that the IP of the Web server is not advertised to the internet.
Router A public IP: 192.168.2.1 (Yes, it is not a public IP. Just for demonstration purpose)
>>The first statement simply instructs the router to allow http request to 192.168.2.1(the public IP on
the router) to be redirected to an inside source address, in this case 192.168.1.3. HTTP is a TCP protocol that makes use of port 80.
>> Interface f0/0 is the interface connecting to the ISP and is named outside
>> Interface f0/1 connects to the LAN and is named inside interface.
To verify the workings of this setup, we will open a web browser on host B and type in router A’s public IP. This should take us to the web server. On your packet Tracer, click on host B, go to desktop and click on web browser. Type in the IP of router A’s WAN interface and hit the enter key. The result should be as shown below:
This configuration was done, assuming that other basic configurations had been done. For a guide on the complete configuration required on both routers, from start to finish, see the output of show run command on both routers.
ip address 192.168.2.1
ip nat outside
ip address 192.168.1.1
ip nat inside
no ip address
ip nat pool timigate
192.168.2.1 192.168.2.1 netmask 255.255.255.255
ip nat inside source list 1
pool timigate overload
ip nat inside source static
tcp 192.168.1.3 80 192.168.2.1 80
Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.