Loopback/Hairpin NAT Policy

spencermoore
Level 1

Hello. I'm having trouble configuring a loopback policy. I need to be able to reach an internal server (email) using its public IP. The NAT rule that I currently have in place allows access to said server from the outside with no issue. However, when I attempt to connect to this public IP from the inside I receive no response (page cannot be displayed). I've run multiple "packet traces" and they come back with no error. What am I missing? I have also enabled "enable traffic between two or more interfaces with the same security level" and "enable traffic between two or more hosts connected to the same interface". Thanks for your time.

Accepted Solution

The issue you are facing is most likely a DNS issue. Is your DNS server located on the same subnet as the inside network or are you using a public DNS server? If you are using a public DNS server or if your DNS server is located off a different interface than your inside network then you need to add the keyword dns to the end of the NAT statement you have created for accessing the server from the internet. If the DNS server is located on the same subnet as the inside network, you will need to create a NAT statement that translates the public address to the private address on the inside network:

same-security-traffic permit intra-interface

object network LAN
  subnet 10.10.10.0 255.255.255.0

object network SERVER_PRIVATE
  host 10.10.10.10

object network SERVER_PUBLIC
  host 62.62.62.62

nat (inside,inside) source static LAN LAN destination static SERVER_PUBLIC SERVER_PRIVATE

--
Please remember to select a correct answer and rate helpful posts
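The following Python model is an added illustration of the two mechanisms the answer above describes (hairpin twice NAT on the inside interface, and DNS rewriting via the dns keyword); it is not Cisco code and does not parse ASA syntax. The addresses are the thread's own objects plus two constructed values: an ASA inside interface address of 10.10.10.1 and an inside client at 10.10.10.20, both assumptions. It goes one step beyond the thread by also tracing the server's reply: on a flat /24 where client and server share the subnet, a reply addressed to the client's real IP is switched directly to the client and never crosses the firewall, so the client sees a SYN-ACK from 10.10.10.10 instead of 62.62.62.62 and the TCP handshake fails. Translating the source to the inside interface address instead (the "interface" mode below, an assumed variant not shown on the page) keeps the return path through the ASA.

```python
"""Model of ASA-style hairpin (inside,inside) NAT and DNS doctoring.

Added example, not Cisco code. Addresses 10.10.10.1 (ASA inside interface)
and 10.10.10.20 (inside client) are constructed assumptions; the rest are
the objects from the thread. Port rewriting done by real interface PAT is
omitted to keep the model small.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

LAN = ip_network("10.10.10.0/24")          # object network LAN
SERVER_PRIVATE = ip_address("10.10.10.10")  # object network SERVER_PRIVATE
SERVER_PUBLIC = ip_address("62.62.62.62")   # object network SERVER_PUBLIC
INSIDE_IF = ip_address("10.10.10.1")        # assumed ASA inside interface address
CLIENT = ip_address("10.10.10.20")          # constructed inside client


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    sport: int
    dport: int


def apply_hairpin_nat(pkt: Packet, source_mode: str, intra_interface: bool):
    """Model of 'nat (inside,inside) source {static LAN LAN | dynamic LAN interface}
    destination static SERVER_PUBLIC SERVER_PRIVATE' for a packet entering 'inside'.
    Returns (translated packet, xlate) or None when the ASA drops the packet."""
    if not intra_interface:
        # Without 'same-security-traffic permit intra-interface' a packet may not
        # leave through the interface it arrived on.
        return None
    if pkt.src not in LAN or pkt.dst != SERVER_PUBLIC:
        return None  # rule does not match; a real ASA would try later rules / routing
    new_src = pkt.src if source_mode == "identity" else INSIDE_IF
    translated = Packet(new_src, SERVER_PRIVATE, pkt.sport, pkt.dport)
    xlate = {"original": pkt, "translated": translated}
    return translated, xlate


def untranslate_reply(reply: Packet, xlate: dict) -> Packet:
    """Reverse the xlate for the server's reply as it crosses back through the ASA."""
    orig, trans = xlate["original"], xlate["translated"]
    assert reply.src == trans.dst and reply.dst == trans.src
    assert reply.dport == trans.sport and reply.sport == trans.dport
    return Packet(orig.dst, orig.src, orig.dport, orig.sport)


def reply_transits_asa(reply: Packet) -> bool:
    """On a flat LAN the switch delivers the server's reply directly to any
    same-subnet destination; the firewall only sees it when the reply is
    addressed to the ASA interface itself."""
    return reply.dst == INSIDE_IF


def hairpin_session(source_mode: str = "identity", intra_interface: bool = True) -> str:
    """Trace one SMTP handshake from the inside client to the server's public IP."""
    syn = Packet(CLIENT, SERVER_PUBLIC, 40000, 25)
    result = apply_hairpin_nat(syn, source_mode, intra_interface)
    if result is None:
        return "dropped-by-asa"
    translated, xlate = result
    # The server answers whatever source address it saw in the translated SYN.
    synack = Packet(translated.dst, translated.src, translated.dport, translated.sport)
    if reply_transits_asa(synack):
        synack = untranslate_reply(synack, xlate)
    # The client accepts only a SYN-ACK whose source is the address it connected to.
    ok = synack.src == syn.dst and synack.dst == syn.src and synack.dport == syn.sport
    return "established" if ok else "asymmetric-reply"


def doctor_dns_answer(answer: IPv4Address, dns_keyword: bool) -> IPv4Address:
    """Model of the 'dns' keyword on the static (inside,outside) rule: an A record
    carrying SERVER_PUBLIC in a reply crossing outside->inside is rewritten to
    SERVER_PRIVATE, so inside clients never need the hairpin at all."""
    if dns_keyword and answer == SERVER_PUBLIC:
        return SERVER_PRIVATE
    return answer


if __name__ == "__main__":
    print("identity source :", hairpin_session("identity"))
    print("interface source:", hairpin_session("interface"))
    print("no intra-interface:", hairpin_session(intra_interface=False))
    print("dns keyword     :", doctor_dns_answer(SERVER_PUBLIC, True))
```

The same flow can be checked on the real appliance with packet-tracer for the SYN (for example `packet-tracer input inside tcp 10.10.10.20 40000 62.62.62.62 25`) and `show xlate` for the resulting entry; what packet-tracer cannot show is the server's reply bypassing the firewall, which is the case the model's "asymmetric-reply" outcome stands for.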
