IP NAT/PAT

Hi Guys,

Just a quick question. I want to set up NAT/PAT translation; details are below...

SERVER

Reply to
Tomehb

This sh NAT is inconsistent with the ip nat statement. I will ignore the sh nat.

If memory serves me correctly you need a route for the incoming packet for the pre-natted address.

ip route 172.17.0.5 255.255.255.255 192.168.0.x

Make x anything you like except the router itself. It is never used to send traffic out of the router.

I think of it like this - The router needs to know which interface the packet is going to exit from in order to notice the NAT inside/outside pair of interfaces. Without this the router has no idea what to do with the packet.

Reply to
bod43

This sounds like something I've been looking for in order to allow me to access a domain name that maps back to a server behind my natted router.. Currently if I do this, I get a message akin to 'no route to host' if I recall.. Of course it works fine outside my network..

Anyway, sounds interesting..

Reply to
Rick F

This is just ordinary static NAT.

I take it to mean that you wish to access your internal server from the inside using its external DNS name.

My reading of the Cisco documents suggests that the Cisco NAT Application Layer Gateway for DNS will fix this up. I (and others, it seems) have been unable to get it to work.

That is - the router should notice DNS replies from the outside that contain the statically NATted address and will correctly fix up the address in the DNS reply. This does not seem to work but I have never raised a TAC case against it so I don't know the official Cisco position.

The fix for this is to have an internal DNS server that returns the internal address or, for a small network, perhaps to use host file entry(ies) for the required host(s). In a Windows "Domain" or somewhere you have login scripts you can of course fix up all the host files centrally.

I have not thought it all through but there is a possible NAT solution I suppose using policy based routing to a loopback for the "internal" server traffic that is 'incorrectly' heading for an external address. The loopback would be the NAT outside for this traffic and the traffic could come back inside after being NATted.

It would be quite complex. You would need to do destination NAT to get the traffic to go the right way, source NAT so that the return traffic could be persuaded back to the router for more mumbo jumbo on the return.

This is a real kludge but it might work for NATtable protocols. I like to think that I have had the sense never to have tried it :)

Look up "NAT on a stick" on the Cisco web site for an example of NAT using PBR and a loopback.


Reply to
bod43
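
The host-file fix described in the post above, as an added example that is not part of any poster's message: a merge that pins a name to the server's internal address and drops a stale mapping to the external one. The host names and 192.168.0.10 are constructed; 172.17.0.5 stands in for the external address.

```python
# Constructed sample hosts file; names and the internal address are assumptions.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "# office hosts\n"
    "172.17.0.5 www.example.test mail.example.test # external\n"
)
PINS = {"www.example.test": "192.168.0.10"}  # name -> internal address


def pin_hosts(hosts_text, pins):
    """Return hosts-file text in which every name in `pins` maps to its internal IP.

    Mappings of a pinned name to any other address are removed. Comments,
    unrelated lines and other names sharing a line are kept. Running the
    function on its own output changes nothing, so a login script can call
    it on every logon.
    """
    wanted = {name.lower(): ip for name, ip in pins.items()}
    out, seen = [], set()
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:            # blank line or comment-only line
            out.append(line)
            continue
        ip, names = fields[0], fields[1:]
        keep = []
        for name in names:
            key = name.lower()
            if key in wanted and ip != wanted[key]:
                continue               # stale mapping for a pinned name
            if key in wanted:
                seen.add(key)          # already pinned correctly
            keep.append(name)
        if keep == names:
            out.append(line)           # untouched line keeps its formatting
        elif keep:
            out.append(" ".join([ip] + keep) + (" #" + comment if sep else ""))
    for key, ip in wanted.items():
        if key not in seen:
            out.append(f"{ip} {key}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(pin_hosts(SAMPLE_HOSTS, PINS), end="")
```
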

Thanks! You are spot-on.. Your answer is also what I had heard but not tried.. I've been thinking about setting up a local DNS server so perhaps I'll go down that route.. Thx!

Reply to
Rick F
