NAT routing problem

I have a PAT configuration set up on my Cisco 851 Router. It port forwards from a single public IP ports to servers in my internal network that use the Class C range 192.168.1.1 (the router) through 192.168.1.254. The configuration works perfectly.

The problem I am having is specific to HTTP. Whenever users from the Internet use a web browser to connect to my Internet IP address, they get a web page displayed in their browser. However, when I try to navigate to the same IP from a workstation on the internal network (192.168.1.101) I get a page cannot be displayed error.

This seemed to work fine with my Linksys router previously but not Cisco. I think this is some NAT configuration issue. What do I need to do to get connections from the internal network to behave the same way as users connecting from the Internet?

Thanks,

--Paul


| I have a PAT configuration set up on my Cisco 851 Router. It port forwards from a single public IP ports to servers in
| my internal network that use the Class C range 192.168.1.1 (the router) through 192.168.1.254. The configuration works
| perfectly.
|
| The problem I am having is specific to HTTP. Whenever users from the Internet use a web browser to connect to my
| Internet IP address, they get a web page displayed in their browser. However, when I try to navigate to the same IP from
| a workstation on the internal network (192.168.1.101) I get a page cannot be displayed error.
|
| This seemed to work fine with my Linksys router previously but not Cisco. I think this is some NAT configuration issue.
| What do I need to do to get connections from the internal network to behave the same way as users connecting from the
| Internet?

Hi Paul. When you want to connect to the webserver from the internal network you should use the private address of the server (not the public one). Do you have internal DNS servers or do you use external servers? If you have internal DNS you should create an A record for the webserver that would point to its private address.

I know that on a firewall it is not permitted (by design) to have the same traffic go out an interface and come back through the same interface. That is what is happening when you try to access the public address of your webserver. The traffic goes from inside to outside interface, and then has to go back.

On a PIX or ASA your situation can be resolved using DNS doctoring. If this also applies in your situation, I don't know.

--Morph

IOS NAT Application Layer Gateways

Says that DNS fixups are performed by IOS; however, several threads on this forum have gone over the ground and I have noticed no working solution so far.

Please post solution if you find one.

It would be incredible if this was not supported in IOS.

--Bod43

This same configuration worked with my older Netopia router. I realize that populating internal DNS records will work, but I want to be able to test to see if the router is correctly NAT'ing port 80 connection to the web server. If I use internal DNS, there is no way to test that.


--Paul

If your server is in your inside network then there is no need to go through the router. You should access the server directly using its private address. You wrote in your previous post that there is no problem to access the server from the internet (hence the router is NAT-ing port 80 correctly).

| This same configuration worked with my older Netopia router. I realize that populating internal DNS records will work,
| but I want to be able to test to see if the router is correctly NAT'ing port 80 connection to the web server. If I use
| internal DNS, there is no way to test that.
|
| On Mon, 10 Mar 2008 09:06:20 +0100, Morph wrote:
|
| >In the message Paul wrote:
| >
| >| I have a PAT configuration set up on my Cisco 851 Router. It port forwards from a single public IP ports to servers in
| >| my internal network that use the Class C range 192.168.1.1 (the router) through 192.168.1.254. The configuration works
| >| perfectly.
| >|
| >| The problem I am having is specific to HTTP. Whenever users from the Internet use a web browser to connect to my
| >| Internet IP address, they get a web page displayed in their browser. However, when I try to navigate to the same IP from
| >| a workstation on the internal network (192.168.1.101) I get a page cannot be displayed error.
| >|
| >| This seemed to work fine with my Linksys router previously but not Cisco. I think this is some NAT configuration issue.
| >| What do I need to do to get connections from the internal network to behave the same way as users connecting from the
| >| Internet?
| >
| >Hi Paul.
| >When you want to connect to the webserver from the internal network you
| >should use the private address of the server (not the public one).
| >Do you have internal DNS servers or do you use external servers?
| >If you have internal DNS you should create an A record for the webserver
| >that would point to its private address.
| >
| >I know that on a firewall it is not permitted (by design) to have the
| >same traffic go out an interface and come back through the same
| >interface. That is what is happening when you try to access the public
| >address of your webserver. The traffic goes from inside to outside
| >interface, and then has to go back.
| >
| >On a PIX or ASA your situation can be resolved using DNS doctoring

--Morph

I understand, but I do want to go through the router. I need to make sure that when people resolve my website to the Internet, it is NAT'd correctly by my Cisco router and sent to the right webserver. I didn't mention that I am hosting 2 websites on a single IP address so being able to test these are working is critical.

So while I realize I can easily get to the webservers directly by their internal hostnames, I need a way to test that my NAT configuration is up and running correctly. I was able to do this using other routers, just not Cisco. I'm thinking there is some command line config I need to allow traffic to flow between the 2 interfaces but I can't be certain.

Any suggestions welcome!

--Paul
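
An added example, not written by any poster in this thread: a Python check that requests each name-based site at the web server's private address with the Host header set explicitly, which is the inside-network test that Morph's advice leads to when two sites share one IP. The site names, the private address 192.168.1.10 and the marker strings are assumptions; the check verifies the web server's virtual-host mapping, not the router's port forward, which still has to be tested from a connection outside the network.

```python
"""Check name-based virtual hosts at a web server's private address (added example)."""
import http.client

def fetch_site(server_ip, port, host_header, path="/", timeout=5):
    """GET path from server_ip:port while presenting host_header as the site name.

    Connecting by IP and sending the public site name in Host is what a
    port-forwarded request looks like to the web server. Returns (status, body).
    """
    conn = http.client.HTTPConnection(server_ip, port, timeout=timeout)
    try:
        # An explicit Host header replaces the one http.client would derive from the IP.
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.read(65536).decode("utf-8", errors="replace")
    finally:
        conn.close()

def check_sites(server_ip, port, expected):
    """expected maps site name -> marker text that must appear on that site's page.

    Returns {site: verdict}; any verdict other than "ok" says what went wrong.
    """
    results = {}
    for site, marker in expected.items():
        try:
            status, body = fetch_site(server_ip, port, site)
        except (OSError, http.client.HTTPException) as exc:
            results[site] = f"unreachable: {exc}"
            continue
        if status != 200:
            results[site] = f"HTTP {status}"
        elif marker not in body:
            results[site] = "wrong site served"  # another virtual host answered
        else:
            results[site] = "ok"
    return results

if __name__ == "__main__":
    # Hypothetical values: replace with the real private address, names and page text.
    sites = {"www.site-one.example": "Site One", "www.site-two.example": "Site Two"}
    for name, verdict in check_sites("192.168.1.10", 80, sites).items():
        print(f"{name}: {verdict}")
```
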
