1. Home
  2. Cisco Systems
  3. Access from internal hosts to internal servers using external address

Access from internal hosts to internal servers using external address

Hi,

I have a Cisco 386 in a NAT configuration.

Internal (LAN) hosts can access the Internet (WAN) in a NAT'ed fashion Internet accesses to the public IP address are correctly forwarded to the host specified in the static mapping

The only problem is that when accessing the public IP from the LAN the static mapping is not applied.

I wanted to be able to access the public IP address from the LAN side and have the traffic redirected to the static mapped server as if it came from the WAN.

What am i doing wrong?

King Regards

My configuration follows:

! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname c836 ! boot-start-marker boot-end-marker ! enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX ! no aaa new-model ! resource policy ! no ip source-route ! ! no ip dhcp use vrf connected ! ip dhcp pool CLIENT import all ! ! ip domain name wit-software.com ip name-server 212.18.160.133 no ip bootp server ! isdn switch-type basic-net3 ! ! username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ! ! ! ! interface Ethernet0 description --- 10Mbps connection to LAN --- ip address 192.168.15.254 255.255.255.0 ip nat inside ip virtual-reassembly no cdp enable ! interface Ethernet2 no ip address shutdown ! interface BRI0 no ip address encapsulation hdlc shutdown isdn switch-type basic-net3 isdn point-to-point-setup ! interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode etsi pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 duplex auto speed auto ! interface FastEthernet3 duplex auto speed auto ! interface FastEthernet4 duplex auto speed auto ! interface Dialer0 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username XXXXXXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXX ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 !

no ip http server no ip http secure-server !

ip nat inside source list 1 interface Dialer0 overload ip nat inside source static 192.168.15.1 interface Dialer0 ! access-list 1 permit 192.168.15.0 255.255.255.0 dialer-list 1 protocol ip permit ! ! control-plane ! ! line con 0 exec-timeout 120 0 login local no modem enable stopbits 1 line aux 0 line vty 0 4 access-class 23 in exec-timeout 120 0 login local length 0 ! scheduler max-task-time 5000 no rcapi server ! ! end

Reply to
HangaS
Loading thread data ...

I know of no way to do this. NAT only works internal to external, not internal to internal.

Scott

Reply to
Thrill5

I thought of having the traffic go outside throught NAT and then come back again from de outside as if it was from an external host. The source and destination IPon the WAN side would be the same, of course. Theoreticly this looks feasable, however I don't know exacly how to do it on IOS.

My goal is to migrate a couple of Linux/IPTables GWs to Ciscos and my IOS knowledge is very moderate. I'm more like an IPTable guy.

I wanted to avoid the Split-DNS solution if possible.

Reply to
HangaS

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.