Thank you for your reply , But it still hasn't been solved .
I have configured " ip nat ourtside " on VLAN 4000 , vlan 4000 is on the port G0/0/15 , I configured " ip access-list session " on this port .
ip access-list session nat_thing
any alias localip tcp 8888 dst-nat ip 192.168.1.54 8888
any any any permit
interface gigabitethernet 0/0/15
description "GE0/0/15"
trusted
trusted vlan 1-4094
ip access-group "nat_thing" session
switchport access vlan 4000
no spanning-tree
interface vlan 4000
ip address 221.2.2.2 255.255.255.240
ip nat outside
interface vlan 10
ip address 192.168.1.1 255.255.255.0
ip nat inside
description "officenetworks"
This is my current situation,
I can access 221.2.2.2:8888 from any Internet, when I was on the LAN , I can't access using the address of 221.2.2.2, Only 192.168.1.54:8888 can be used .I think there is still a problem with the IP access list session configuration.
------------------------------
eddy zhou
whhcit.com
------------------------------
Original Message:
Sent: Nov 26, 2021 04:38 PM
From: Colin Joseph
Subject: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP
You should have "ip nat outside" on interface vlan 4000
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Nov 23, 2021 11:16 AM
From: eddy zhou
Subject: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP
Hey, guys,I have a question about Aruba controller NAT .
I use Aruba 7010 as the gateway.
VLAN 4000 is used as WAN interface, and the IP is static IP 221.2.2.2 .
VLAN 10 is an office VLAN, and IP NAT inside is configured , ip address 192.168.1.1
We have a web server in the office VLAN with an IP of 192.168.1.54. I configured port mapping for it and used port 8282 .
Now, we access my internal server in any Internet access http://221.2.2.2:8282.
However, I cannot access my server directly through 221.2.2.2 in my internal network , it doesn't work anymore. Only internal address 192.168.1.54:8080 can be used .
I think it's because I haven't configured source NAT correctly .
Please give me some help , thanks !
------------------------------
eddy zhou
whhcit.com
Weihai . SD . China
+86 13061120222
------------------------------