cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

104
Views
0
Helpful
2
Replies
WAQ Beginner
Beginner

Accessing Router from Public IP internally

Hello All, 

 

I am configuring router with NAT for Web/FTP Server and router interface. I can access both server/router interface from public IPs after allowing from firewall and at sametime these devices are reachable from internal IPs. 

 

The question is that is it possible that I can also access with Public IP of the router/servers internally from LAN. if yes please let me know the way.. 

 

 

Best wishes.

2 REPLIES 2
Highlighted
VIP Advisor

Re: Accessing Router from Public IP internally

you can create an ACL to block from external to access the device.

BB
*** Rate All Helpful Responses ***
VIP Mentor

Re: Accessing Router from Public IP internally

Hello
Yes you can hairpin the connection with a logical connection and policy based routing or enable domain-less nat.

Example1: Harpinning

route-map PBR
set interface loopback 1
exit

int lo1
ip address 169.254.1.1 255.255.255.255
ip nat inside

 

int fa0/0
description Lan facing interface
192.168.1. 254 255.255.255.0
ip nat outside
no ip redirects
ip policy route-map PBR

int fa0/1
description Wan facing interface
1.1.1.1 255.255.255.0
ip nat outside

ip access-list extended public-nat
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255  any

ip access-list extended hairpin-nat
permit ip 192.168.1.0 0.0.0.255 host 192.168.1.10

ip nat inside source static tcp 192.168.1.10 80 1.1.1.10 80
ip nat inside source list public-nat interface x/x
ip nat inside source list hairpin-nat interface fa0/1

Example2: Domainless nat
int fa0/0
description Lan facing interface
192.168.1. 254 255.255.255.0
ip nat enable


int fa0/1
description Wan facing interface
1.1.1.1 255.255.255.0
ip nat enable
no ip redirects

ip access-list extended public-nat
permit ip 192.168.1.0 0.0.0.255  any

ip nat source list public-nat interface x/x
ip nat source static tcp 192.168.1.10 80 1.1.1.10 80



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here