01-06-2020 05:18 AM
Hello All,
I am configuring a router with NAT for a Web/FTP server and the router interface. I can access both the server and the router interface from public IPs after allowing this on the firewall, and at the same time these devices are reachable from internal IPs.
The question is: is it possible to also access the router/servers by their public IP internally from the LAN? If yes, please let me know the way.
Best wishes.
01-12-2020 05:47 AM
You can create an ACL to block external access to the device.
01-12-2020 11:29 AM - edited 01-12-2020 11:32 AM
Hello
Yes, you can hairpin the connection with a logical connection and policy-based routing, or enable domainless NAT.
Example 1: Hairpinning
route-map PBR
 set interface loopback 1
 exit
! Loopback that policy-routed LAN traffic is sent through
int lo1
 ip address 169.254.1.1 255.255.255.255
 ip nat inside
int fa0/0
 description Lan facing interface
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 no ip redirects
 ip policy route-map PBR
int fa0/1
 description Wan facing interface
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
! public-nat: LAN-to-LAN traffic is excluded, all other LAN traffic is translated
ip access-list extended public-nat
 deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
! hairpin-nat: LAN clients talking to the internal server
ip access-list extended hairpin-nat
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.10
ip nat inside source static tcp 192.168.1.10 80 1.1.1.10 80
ip nat inside source list public-nat interface x/x
ip nat inside source list hairpin-nat interface fa0/1
Example 2: Domainless NAT
int fa0/0
 description Lan facing interface
 ip address 192.168.1.254 255.255.255.0
 ip nat enable
int fa0/1
 description Wan facing interface
 ip address 1.1.1.1 255.255.255.0
 ip nat enable
 no ip redirects
ip access-list extended public-nat
 permit ip 192.168.1.0 0.0.0.255 any
ip nat source list public-nat interface x/x
ip nat source static tcp 192.168.1.10 80 1.1.1.10 80
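Why Example 1 carries the hairpin-nat list, shown as an added illustration that is not part of the original replies: a toy Python model of one LAN client reaching the server through its public address 1.1.1.10, with and without the source translation. The client address 192.168.1.20 and port 40000 are constructed, and the model assumes the overload keeps the source port unchanged.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Values taken from the configuration in the reply above.
STATIC = {("1.1.1.10", 80): ("192.168.1.10", 80)}  # static tcp mapping
ROUTER_NAT_IP = "1.1.1.1"     # fa0/1 address used by the hairpin-nat rule
LAN_PREFIX = "192.168.1."     # 192.168.1.0/24, as in the ACLs

def hairpin(client_ip: str, sport: int, source_nat: bool) -> dict:
    """Follow one LAN client's TCP packet to the public address and back."""
    if not client_ip.startswith(LAN_PREFIX):
        raise ValueError("model only covers clients on the LAN subnet")
    sent = Packet(client_ip, sport, "1.1.1.10", 80)
    # Router: the static entry rewrites the destination to the real server.
    real_ip, real_port = STATIC[(sent.dst, sent.dport)]
    to_server = sent._replace(dst=real_ip, dport=real_port)
    session = None
    if source_nat:
        # hairpin-nat match: source is overloaded onto the router's address.
        session = (to_server.src, to_server.sport)
        to_server = to_server._replace(src=ROUTER_NAT_IP)
    # The server answers whatever source address it saw.
    reply = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    if reply.dst.startswith(LAN_PREFIX):
        # Same subnet: delivered directly, so the router never untranslates it.
        at_client = reply
    else:
        # Reply goes back to the router, which reverses both translations.
        at_client = Packet(sent.dst, sent.dport, session[0], session[1])
    expected = Packet(sent.dst, sent.dport, sent.src, sent.sport)
    return {
        "server_sees": to_server.src,
        "reply_src_at_client": at_client.src,
        "accepted": at_client == expected,  # client matches on the full 4-tuple
    }

if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT" if snat else "destination NAT only",
              hairpin("192.168.1.20", 40000, snat))
```

With the source translation in place the server sees 1.1.1.1 for every internal client, so its access logs no longer identify individual LAN hosts; the router's translation table is then the place to attribute a hairpinned connection.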