Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
2
Replies

Accessing Router from Public IP internally

DEV1389
Level 1
Level 1

‎01-06-2020 05:18 AM

Hello All, 

 

I am configuring router with NAT for Web/FTP Server and router interface. I can access both server/router interface from public IPs after allowing from firewall and at sametime these devices are reachable from internal IPs. 

 

The question is that is it possible that I can also access with Public IP of the router/servers internally from LAN. if yes please let me know the way.. 

 

 

Best wishes.

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎01-12-2020 05:47 AM

you can create an ACL to block from external to access the device.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎01-12-2020 11:29 AM - edited ‎01-12-2020 11:32 AM

Hello
Yes you can hairpin the connection with a logical connection and policy based routing or enable domain-less nat.

Example1: Harpinning

route-map PBR
set interface loopback 1
exit

int lo1
ip address 169.254.1.1 255.255.255.255
ip nat inside

 

int fa0/0
description Lan facing interface
192.168.1. 254 255.255.255.0
ip nat outside
no ip redirects
ip policy route-map PBR

int fa0/1
description Wan facing interface
1.1.1.1 255.255.255.0
ip nat outside

ip access-list extended public-nat
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255  any

ip access-list extended hairpin-nat
permit ip 192.168.1.0 0.0.0.255 host 192.168.1.10

ip nat inside source static tcp 192.168.1.10 80 1.1.1.10 80
ip nat inside source list public-nat interface x/x
ip nat inside source list hairpin-nat interface fa0/1

Example2: Domainless nat
int fa0/0
description Lan facing interface
192.168.1. 254 255.255.255.0
ip nat enable


int fa0/1
description Wan facing interface
1.1.1.1 255.255.255.0
ip nat enable
no ip redirects

ip access-list extended public-nat
permit ip 192.168.1.0 0.0.0.255  any

ip nat source list public-nat interface x/x
ip nat source static tcp 192.168.1.10 80 1.1.1.10 80


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents