Cisco Nat Internal > External > Internal

Discussion in 'Cisco' started by dcpearso, Mar 8, 2008.

  1. dcpearso

    dcpearso

    Joined:
    Mar 8, 2008
    Messages:
    6
    Likes Received:
    0
    I know that this has been a problem for quite some time now. I was wondering if anyone has found a router based solution...


    I have a web server address = y.y.y.y

    The router is performing nat from an external address x.x.x.x to the internal y.y.y.y on port 80.

    External access to the web server works perfectly using ip nat inside source static tcp y.y.y.y 80 x.x.x.x 80

    The problem is that when a user on the internal subnet y.y.y.() tries to access the web server on the external x.x.x.x address it fails.

    From all of the forums i have read it seems that this is not a supported feature in the cisco Ip nat feature set. I find this amazing beause a linksys router and even a d-link can do this!

    I have played around with route-maps and a few other ideas but still no luck.

    My question is has anyone else managed to fix this issue?

    The solutions i have seen so far is to point DNS to the router and make the change in dns.

    Modify the computers host file...

    Use two routers.

    Anything else????


    Cheers

    DP
     
    dcpearso, Mar 8, 2008
    #1
    1. Advertisements

  2. dcpearso

    Greeley

    Joined:
    Dec 16, 2007
    Messages:
    67
    Likes Received:
    0
    Add a second NIC to your web server give it an internal ip address and then point the internal users to the inside web address instead of the outside address.

    --G
     
    Greeley, Mar 8, 2008
    #2
    1. Advertisements

  3. dcpearso

    dcpearso

    Joined:
    Mar 8, 2008
    Messages:
    6
    Likes Received:
    0
    If only it were that simple. The website the users are accessing is an external website that i have no control over. There is a link on this site that points to one of my external IP's as we are hosting that portion of the site.

    There are too many users to tell them to go to an internal address... My only real option is to intercept the DNS request as it hits the router and get it to somehow change the address it is reequesting....(NAT should be able to do this). My problem is that cisco doesnt support internal external internal nat access.

    I thought about giving the webserver the live IP as well as the internal IP and only allowing port 80 access to it....

    I just wish that someone has comeup with a config that would let the cisco give access to the external ip to internal users...
     
    dcpearso, Mar 8, 2008
    #3
  4. dcpearso

    dcpearso

    Joined:
    Mar 8, 2008
    Messages:
    6
    Likes Received:
    0
    Has anyone else had any thoughts here?

    Much appreciated.....
     
    dcpearso, Mar 23, 2008
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.