01-06-2020 05:18 AM
Hello All,
I am configuring a router with NAT for a Web/FTP server and the router interface. I can access both the server and the router interface from public IPs after allowing them on the firewall, and at the same time these devices are reachable from internal IPs.
The question is: is it possible to also access the router/servers by their public IP internally from the LAN? If yes, please let me know the way.
Best wishes.
01-12-2020 05:47 AM
You can create an ACL to block external access to the device.
01-12-2020 11:29 AM - edited 01-12-2020 11:32 AM
Hello
Yes, you can hairpin the connection with a logical connection and policy-based routing, or enable domainless NAT.
Example 1: Hairpinning
route-map PBR
set interface loopback 1
exit
int lo1
ip address 169.254.1.1 255.255.255.255
ip nat inside
int fa0/0
description Lan facing interface
ip address 192.168.1.254 255.255.255.0
ip nat outside
no ip redirects
ip policy route-map PBR
int fa0/1
description Wan facing interface
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip access-list extended public-nat
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended hairpin-nat
permit ip 192.168.1.0 0.0.0.255 host 192.168.1.10
ip nat inside source static tcp 192.168.1.10 80 1.1.1.10 80
ip nat inside source list public-nat interface x/x
ip nat inside source list hairpin-nat interface fa0/1
Example 2: Domainless NAT
int fa0/0
description Lan facing interface
ip address 192.168.1.254 255.255.255.0
ip nat enable
int fa0/1
description Wan facing interface
ip address 1.1.1.1 255.255.255.0
ip nat enable
no ip redirects
ip access-list extended public-nat
permit ip 192.168.1.0 0.0.0.255 any
ip nat source list public-nat interface x/x
ip nat source static tcp 192.168.1.10 80 1.1.1.10 80
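Why the hairpin-nat source translation in Example 1 matters, as an added sketch that is not part of the original reply: a simplified Python model (not router code) of a LAN client connecting to 1.1.1.10:80, with and without the source rewrite. The client address 192.168.1.50 and port 40000 are constructed; the other addresses are taken from the configuration above.

```python
# Toy model of the hairpin flow; addresses are from the config above except
# CLIENT, which is constructed. Not router code.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")
SERVER = ("192.168.1.10", 80)      # inside local, from the static NAT line
PUBLIC = ("1.1.1.10", 80)          # inside global, from the static NAT line
WAN_IP = "1.1.1.1"                 # fa0/1 address used by the hairpin-nat rule
CLIENT = ("192.168.1.50", 40000)   # constructed LAN client


class Router:
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.table = {}            # translated (src, sport) -> original packet

    def forward(self, pkt):
        """LAN client -> public address: apply the static (destination) NAT."""
        if (pkt.dst, pkt.dport) != PUBLIC:
            return pkt
        out = pkt._replace(dst=SERVER[0], dport=SERVER[1])
        if self.source_nat:        # hairpin-nat rule: hide the client address
            out = out._replace(src=WAN_IP)
        self.table[(out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Server reply arriving at the router: undo both translations."""
        orig = self.table.get((reply.dst, reply.dport))
        if orig is None:
            return None
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport)


def client_sees(source_nat):
    """Return the reply packet as it reaches the client's TCP stack."""
    router = Router(source_nat)
    at_server = router.forward(Pkt(*CLIENT, *PUBLIC))
    reply = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst.startswith("192.168.1."):  # same subnet: server answers directly
        return reply                         # the router never sees this packet
    return router.reverse(reply)


def accepted(source_nat):
    """The client only accepts a reply from the address it connected to."""
    r = client_sees(source_nat)
    return r is not None and (r.src, r.sport) == PUBLIC and (r.dst, r.dport) == CLIENT
```

Without the source rewrite the server sees a same-subnet client and replies directly from 192.168.1.10, which the client does not match to its connection to 1.1.1.10.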