Inside to Inside NAT

I'm trying to configure my c837 to use inside-to-inside NAT, but I'm not getting anywhere, and everywhere I've looked on the Internet regarding this problem seems to tail off without resolution...

Basically, I'm trying to access my internal web server using the global IP address assigned to Dialer0 on the router by my ISP.

I have a DNS service external to the network which is provided this IP address and while I can use it externally (PAT from the Internet to the LAN is working fine), I can't get it to work when I'm on the network.

In this case, internal replication of the DNS zone on the LAN is not really an option, and for the moment, I'm using a hosts file (but again, this isn't suitable, as some devices will need to access it both on and off the network).

I'm just looking to get Inside-to-Inside NAT working so I can use the router to forward the request from the LAN to the server...

Here are the main points of my config:

interface Ethernet0
 description to Network
 ip address 10.0.1.62 255.255.255.192
 ip access-group from-network in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no ip virtual-reassembly
 ip route-cache flow
 load-interval 30
!
interface ATM0
 description to Zen Internet
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  description BT ADSL Connection
  tx-ring-limit 3
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer0
 ip address negotiated
 ip access-group from-internet in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect firewall out
 no ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 load-interval 30
 dialer pool 1
 dialer-group 1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list nat interface Dialer0 overload
ip nat inside source static tcp 10.0.1.61 80 interface Dialer0 80
!
ip access-list standard nat
 remark Define which systems will be NAT-translated
 permit 10.0.1.0 0.0.0.63
!
ip access-list extended from-internet
 remark ACL for incoming traffic from the Internet
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit igmp any any
 permit esp any any
 permit gre any any
 permit udp any eq ntp any eq ntp
 permit tcp any any eq www
 deny ip any any log
ip access-list extended from-network
 remark ACL for incoming traffic to the router from the network
 deny ip host 255.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 permit ip any any
!
dialer-list 1 protocol ip permit

Reply to
Jonathan Wright

You can't do inside to inside NAT. NAT is only done inside to outside and vice versa. Configuring interfaces as either "inside" or "outside" is how the router knows which packets to NAT.

Scott

Reply to
Thrill5

It could be he's thinking that inside/outside interfaces are somehow related to private/public IP addresses.

Reply to
Rod Dorman
