10-13-2011 05:41 AM - edited 03-03-2019 06:24 AM
Hi,
I have the following network connected and configured to a single Cisco 1800 router.
VLAN 2 (10.1.20.0/24)
|
int vlan2, ip address 10.1.20.1
|
Cisco 1800 ----- int fa0, public ip address ---- Internet
|
int vlan3, ip address 10.1.30.1
|
VLAN 3 (10.1.30.0/24)
VLAN 2 is server vlan with a webserver.
VLAN 3 is clients.
NAT configuration:
VLAN 2 and VLAN 3 are using NAT to access the internet, and both are configured as inside interfaces.
fa0 is configured as outside interface.
Now I don't know if this is about NAT, but I've tried several things without luck.
Problem:
A client in VLAN 3 tries to access a domain on the webserver in VLAN 2.
It starts by sending a DNS query to a DNS server located at the ISP, and gets the ip address for the domain, which is of course a public ip address.
Then nothing happens because the client tries to access the domain on the webserver using the public ip address, and the webserver has a local ip address 10.1.20.20 which is on the local LAN (VLAN 2).
I've tried NAT because I have to change the destination ip address, but I can't seem to get it right.
Does anyone know how to do this, or can anyone point me in the right direction? It would be appreciated.
10-13-2011 06:36 AM
Do they have a local DNS server? The best bet would be to create an internal DNS record and have their domain point to the internal IP address so the traffic doesn't leave the router at all. You can also use host entries on each workstation if they don't have that many hosts.
John
10-13-2011 11:57 AM
Hi John,
No there's no internal DNS server.
Although I can see your point that the traffic shouldn't leave the local network where the web server is located, I'm seeking a solution where I don't have to install and configure an internal DNS server or make changes to the hosts files on the clients.
Actually I just need to change the destination IP address, but I can't seem to find the right way.
- Ronni
10-16-2011 01:14 AM
Changing the NAT config should work.
On fa0 use:
ip nat enable
On vlan 2 and 3 use:
ip nat enable
TCP port 80 NAT and all other NAT config should also be changed:
ip nat source static tcp (inside ip) 80 (outside ip, not interface name) 80 extendable
Etc
Etc
Also configure this:
ip nat source list XXX interface fa0 overload
That works like a charm in many of my networks at least.
Sent from Cisco Technical Support iPad App
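The reply above, written out as a full configuration for the topology in the original post. This is an added example, not configuration posted by anyone in the thread. Assumptions: 203.0.113.10 is a placeholder for the router's public IP, ACL number 10 is arbitrary, and `FastEthernet0` is the full name of the `fa0` interface.

```cisco
! Constructed example: 203.0.113.10 and ACL 10 are placeholders, not values from the thread.
! Remove the legacy inside/outside NAT roles first, together with any existing
! "ip nat inside source ..." rules, so that only the NVI rules below translate traffic.
interface FastEthernet0
 no ip nat outside
 ip nat enable
!
interface Vlan2
 no ip nat inside
 ip nat enable
!
interface Vlan3
 no ip nat inside
 ip nat enable
!
! Restrict source translation to the two internal subnets from the post.
access-list 10 permit 10.1.20.0 0.0.0.255
access-list 10 permit 10.1.30.0 0.0.0.255
!
! Outbound PAT for both VLANs behind the fa0 address.
ip nat source list 10 interface FastEthernet0 overload
!
! Publish only TCP/80 of the web server. Because NVI has no inside/outside
! direction, this mapping also applies to packets arriving from Vlan3, so
! clients that resolve the public address still reach 10.1.20.20.
ip nat source static tcp 10.1.20.20 80 203.0.113.10 80 extendable
```

After applying it, `show ip nat nvi translations` lists the static entry and any client sessions using it. The static rule exposes only port 80, so no other service on 10.1.20.20 becomes reachable through the public address.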