Access from internal hosts to internal servers using external address


I have a Cisco 386 in a NAT configuration.

Internal (LAN) hosts can access the Internet (WAN) in a NAT'ed fashion. Internet accesses to the public IP address are correctly forwarded to the host specified in the static mapping.

The only problem is that when accessing the public IP from the LAN the static mapping is not applied.

I wanted to be able to access the public IP address from the LAN side and have the traffic redirected to the static mapped server as if it came from the WAN.

What am I doing wrong?

Kind Regards

My configuration follows:

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname c836
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
resource policy
!
no ip source-route
!
!
no ip dhcp use vrf connected
!
ip dhcp pool CLIENT
 import all
!
!
ip domain name
ip name-server
no ip bootp server
!
isdn switch-type basic-net3
!
!
username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
interface Ethernet0
 description --- 10Mbps connection to LAN ---
 ip address
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet2
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn switch-type basic-net3
 isdn point-to-point-setup
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode etsi
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username XXXXXXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXX
!
ip classless
ip route Dialer0
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static interface Dialer0
!
access-list 1 permit
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
no rcapi server
!
!
end

Reply to

I know of no way to do this. NAT only works internal to external, not internal to internal.


Reply to

I thought of having the traffic go outside through NAT and then come back again from the outside as if it was from an external host. The source and destination IP on the WAN side would be the same, of course. Theoretically this looks feasible, however I don't know exactly how to do it on IOS.

My goal is to migrate a couple of Linux/IPTables GWs to Ciscos and my IOS knowledge is very moderate. I'm more like an IPTables guy.

I wanted to avoid the Split-DNS solution if possible.

Reply to
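The packet flow discussed in this thread, as an added Python model that is not part of any post and is not IOS behaviour or configuration: it shows why rewriting only the destination of a LAN-originated packet is not enough, and why the source must be rewritten too so the reply returns through the router. All addresses are constructed, the `Router` class and function names are hypothetical, and ports are omitted (one flow only).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the thread).
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN = ip_address("192.168.1.1")
PUBLIC = ip_address("203.0.113.10")
SERVER = ip_address("192.168.1.10")
CLIENT = ip_address("192.168.1.50")

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object

class Router:
    """Toy NAT: static mapping PUBLIC -> SERVER, optional hairpin source rewrite."""
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.sessions = {}  # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        if pkt.dst != PUBLIC:
            return pkt
        # Hairpin: LAN clients are hidden behind the router's LAN address.
        src = ROUTER_LAN if self.hairpin_snat and pkt.src in LAN else pkt.src
        out = Packet(src, SERVER)
        self.sessions[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        # Undo both rewrites using the session recorded on the way in.
        orig_src, orig_dst = self.sessions[(reply.dst, reply.src)]
        return Packet(src=orig_dst, dst=orig_src)

def reply_seen_by_client(hairpin_snat):
    """Return the server's reply as it arrives at the LAN client."""
    router = Router(hairpin_snat)
    at_server = router.forward(Packet(CLIENT, PUBLIC))
    reply = Packet(src=at_server.dst, dst=at_server.src)
    if reply.dst == ROUTER_LAN:
        return router.reverse(reply)
    # Reply destination is on the server's own subnet, so it is delivered
    # directly and the router never restores the public address.
    return reply

def connection_works(hairpin_snat):
    # The client only accepts a reply from the address it contacted.
    return reply_seen_by_client(hairpin_snat) == Packet(PUBLIC, CLIENT)
```

A side effect visible in the model is that with the source rewrite the server sees every LAN client as the router's address, which matters for server-side logging and access control.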