Access from internal hosts to internal servers using external address

Discussion in 'Cisco' started by HangaS, Apr 18, 2007.

  1. HangaS

    HangaS Guest

    Hi,

    I have a Cisco 386 in a NAT configuration.

    Internal (LAN) hosts can access the Internet (WAN) in a NAT'ed fashion.
    Internet accesses to the public IP address are correctly forwarded to
    the host specified in the static mapping.

    The only problem is that when accessing the public IP from the LAN the
    static mapping is not applied.

    I wanted to be able to access the public IP address from the LAN side
    and have the traffic redirected to the static mapped server as if it
    came from the WAN.

    What am I doing wrong?


    Kind regards


    My configuration follows:

    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    hostname c836
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    !
    no aaa new-model
    !
    resource policy
    !
    no ip source-route
    !
    !
    no ip dhcp use vrf connected
    !
    ip dhcp pool CLIENT
    import all
    !
    !
    ip domain name wit-software.com
    ip name-server 212.18.160.133
    no ip bootp server
    !
    isdn switch-type basic-net3
    !
    !
    username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    !
    !
    !
    !
    interface Ethernet0
    description --- 10Mbps connection to LAN ---
    ip address 192.168.15.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no cdp enable
    !
    interface Ethernet2
    no ip address
    shutdown
    !
    interface BRI0
    no ip address
    encapsulation hdlc
    shutdown
    isdn switch-type basic-net3
    isdn point-to-point-setup
    !
    interface ATM0
    no ip address
    atm vc-per-vp 64
    no atm ilmi-keepalive
    dsl operating-mode etsi
    pvc 0/35
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet1
    duplex auto
    speed auto
    !
    interface FastEthernet2
    duplex auto
    speed auto
    !
    interface FastEthernet3
    duplex auto
    speed auto
    !
    interface FastEthernet4
    duplex auto
    speed auto
    !
    interface Dialer0
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username XXXXXXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXX
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !

    no ip http server
    no ip http secure-server
    !

    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static 192.168.15.1 interface Dialer0
    !
    access-list 1 permit 192.168.15.0 0.0.0.255
    dialer-list 1 protocol ip permit
    !
    !
    control-plane
    !
    !
    line con 0
    exec-timeout 120 0
    login local
    no modem enable
    stopbits 1
    line aux 0
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    no rcapi server
    !
    !
    end
     
    HangaS, Apr 18, 2007
    #1

  2. Thrill5

    Thrill5 Guest

    I know of no way to do this. NAT only works internal to external, not
    internal to internal.

    Scott
     
    Thrill5, Apr 19, 2007
    #2

  3. HangaS

    HangaS Guest


    I thought of having the traffic go outside through NAT and then come
    back again from the outside as if it was from an external host.
    The source and destination IP on the WAN side would be the same, of
    course. Theoretically this looks feasible, however I don't know exactly
    how to do it on IOS.

    My goal is to migrate a couple of Linux/IPTables GWs to Ciscos and my
    IOS knowledge is very moderate. I'm more like an IPTable guy.

    I wanted to avoid the Split-DNS solution if possible.
     
    HangaS, Apr 19, 2007
    #3
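
A packet-walk model of the three cases discussed in this thread, added here as an illustration; it is not posted by any participant and is a simplified Python simulation, not output from a router. The address 203.0.113.10 (standing in for the negotiated Dialer0 address), the client 192.168.15.20 and the mode names are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst")

# Constructed addresses: PUBLIC stands in for the negotiated Dialer0 address,
# CLIENT for any LAN host. SERVER is the static-mapped host from the config.
PUBLIC, SERVER, CLIENT = "203.0.113.10", "192.168.15.1", "192.168.15.20"

def walk(mode):
    """Trace one request/reply; return (trace, client_accepts_reply).

    mode (hypothetical names): 'inside_outside' = the posted config,
    'dnat_only' = destination rewritten only, 'hairpin' = source and
    destination both rewritten, the idea in post #3.
    """
    req = Pkt(CLIENT, PUBLIC)
    trace = [("client->router", req)]
    if mode == "inside_outside":
        # The packet arrives on the inside interface addressed to the router
        # itself. It never crosses to the outside interface, so the static
        # entry is not applied and the server never sees the request.
        return trace, False
    if mode == "hairpin":
        # Source rewritten first: src and dst are now both the public address.
        req = req._replace(src=PUBLIC)
        trace.append(("after source NAT", req))
    req = req._replace(dst=SERVER)  # static mapping applied to the destination
    trace.append(("router->server", req))
    reply = Pkt(SERVER, req.src)
    if reply.dst == PUBLIC:
        # Reply goes back to the router, which reverses both translations.
        reply = Pkt(PUBLIC, CLIENT)
        trace.append(("router->client", reply))
    else:
        # Same subnet: the server answers the client directly, untranslated.
        trace.append(("server->client", reply))
    # The client only accepts a reply from the address it connected to.
    return trace, reply.src == PUBLIC

if __name__ == "__main__":
    for mode in ("inside_outside", "dnat_only", "hairpin"):
        trace, ok = walk(mode)
        print(mode, "OK" if ok else "FAILS")
        for hop, pkt in trace:
            print(f"  {hop:18} {pkt.src} -> {pkt.dst}")
```

In the hairpin case the server sees the translated source rather than the LAN client's own address, so its access logs no longer identify the internal host.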