Hairpin -nat ( domain nat) -------------------------- no ip nat inside source list NAT interface GigabitEthernet0/0/0 overload no ip access-list standard NAT int looopback 0 ip address 169.254.255.254 255.255.255.255 ip nat inside router-map PBR set interface loopback 0 interface Vlan10 no ip nat inside ip nat outside ip policy route-map PBR interface Vlan20 no ip nat inside ip nat outside ip policy route-map PBR int vlan 40 no ip nat inside ip nat outside ip policy route-map PBR int vlan 50 no ip nat inside ip nat outside ip policy route-map PBR ip access-list extended Public-NAT deny ip 192.168.1.0 0.0.0.255 deny ip 192.168.1.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 deny ip 192.168.4.0 0.0.0.255 deny ip 192.168.3.0 0.0.0.255 deny ip 192.168.5.0 0.0.0.255 deny ip 192.168.5.0 0.0.0.255 permit ip deny ip 192.168.1.0 0.0.0.255 any permit ip deny ip 192.168.2.0 0.0.0.255 any permit ip deny ip 192.168.4.0 0.0.0.255 any permit ip deny ip 192.168.5.0 0.0.0.255 any ip access-list extended Hairpin-NAT permit ip 192.168.1.0 0.0.0.255 host 192.168.2.1 permit ip 192.168.2.0 0.0.0.255 host 192.168.2.1 permit ip 192.168.4.0 0.0.0.255 host 192.168.2.1 permit ip 192.168.5.0 0.0.0.255 host 192.168.2.1 ip nat inside source list Public-NAT gig0/0/0 ip nat inside source list Hairpin-NAT gig0/0/0 ip route 0.0.0.0 0.0.0.0 gig0/0/0 dhcp Hairpin -nat ( domainless nat) -------------------------- interface GigabitEthernet0/0/0 ip address dhcp no ip nat outside ip nat enable interface Vlan10 ip address 192.168.1.254 255.255.255.0 no ip nat inside ip nat enable ! interface Vlan20 ip address 192.168.2.254 255.255.255.0 no ip nat inside ip nat enable ! interface Vlan40 ip address 192.168.4.254 255.255.255.0 ip nat inside ! interface Vlan50 ip address 192.168.5.254 255.255.255.0 no ip nat inside ip nat enable no ip nat inside source static tcp 192.168.2.1 443 interface GigabitEthernet0/0/0 443 no ip nat inside source static tcp 192.168.2.1 80 interface GigabitEthernet0/0/0 80 no ip nat inside source list NAT interface GigabitEthernet0/0/0 overload ip nat source static tcp 192.168.2.1 443 interface GigabitEthernet0/0/0 443 ip nat source static tcp 192.168.2.1 80 interface GigabitEthernet0/0/0 80 ip nat source list NAT interface GigabitEthernet0/0/0 overload ip access-list standard NAT 10 permit 192.168.1.0 0.0.0.255 20 permit 192.168.2.0 0.0.0.255 30 permit 192.168.4.0 0.0.0.255 30 permit 192.168.5.0 0.0.0.255 ip route 0.0.0.0 0.0.0.0 gig0/0/0 dhcp