I'm trying to configure my c837 to use inside-to-inside NAT, but I'm not getting anywhere, and everywhere I've looked on the Internet regarding this problem seams to tail off without resolve...
Basically, I'm trying to access my internal web server using the global IP address assigned to Dialer0 on the router by my ISP.
I have a DNS service external to the network which is provided this IP address and while I can use it externally (PAT from the Internet to the LAN is working fine), I can't get it to work when I'm on the network.
In this case, internal replication of the DNS zone on the LAN is not really an option, and for the moment, I'm using a hosts file (but again, this isn't suitable, as some devices will need to access it both on and off the network).
I'm just looking to get Inside-to-Inside NAT working so I can use the router to forward the request from the LAN to the server...
Here's the main points of my config:
interface Ethernet0 description to Network ip address 10.0.1.62 255.255.255.192 ip access-group from-network in no ip redirects no ip unreachables no ip proxy-arp ip nat inside no ip virtual-reassembly ip route-cache flow load-interval 30 ! interface ATM0 description to Zen Internet no ip address no ip redirects no ip unreachables no ip proxy-arp no atm ilmi-keepalive dsl operating-mode auto pvc 0/38 description BT ADSL Connection tx-ring-limit 3 encapsulation aal5mux ppp dialer dialer pool-member 1 ! interface Dialer0 ip address negotiated ip access-group from-internet in no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect firewall out no ip virtual-reassembly encapsulation ppp ip route-cache flow load-interval 30 dialer pool 1 dialer-group 1 ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip nat inside source list nat interface Dialer0 overload ip nat inside source static tcp 10.0.1.61 80 interface Dialer0 80 ! ip access-list standard nat remark Define which systems will be NAT-translated permit 10.0.1.0 0.0.0.63 ! ip access-list extended from-internet remark ACL for incoming traffic from the Internet deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip host 255.255.255.255 any deny ip host 0.0.0.0 any permit icmp any any echo-reply permit icmp any any time-exceeded permit icmp any any unreachable permit igmp any any permit esp any any permit gre any any permit udp any eq ntp any eq ntp permit tcp any any eq www deny ip any any log ip access-list extended from-network remark ACL for incoming traffic to the router from the network deny ip host 255.255.255.255 any deny ip 127.0.0.0 0.255.255.255 any permit ip any any ! dialer-list 1 protocol ip permit