Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
3
Replies

Help with NAT ?

Ronni Feldt
Level 1
Level 1

‎10-13-2011 05:41 AM - edited ‎03-03-2019 06:24 AM

Hi,

I have the following network connected and configured to a single Cisco 1800 router.

VLAN 2 (10.1.20.0/24)

|

int vlan2, ip address 10.1.20.1

|

Cisco 1800 ----- int fa0, public ip address ---- Internet

|

int vlan3, ip address 10.1.30.1

|

VLAN 3 (10.1.30.0/24)

VLAN 2 is server vlan with a webserver.

VLAN 3 is clients.

NAT configuration:

VLAN 2 and VLAN 3 is using NAT to access the internet, and both is configured as inside interfaces.

fa0 is configured as outside interface.

Now I don't know if this is about NAT, but I've tried several things without luck.

Problem:

A client in VLAN 3 tries to access a domain on the webserver in VLAN 2.

It starts by sending a DNS query to a DNS server located at the ISP, and gets the ip address for the domain, which is of course a public ip address.

Then nothing happens because the client tries to access the domain on the webserver using the public ip address, and the webserver have a local ip address 10.1.20.20 which is on the local LAN (VLAN 2).

I've tried NAT because I have to change the destination ip address, but I can't seem to get it right.

Does anyone know how to do this or can anyone point me in the right direction it would be appriciated?

Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎10-13-2011 06:36 AM

Do they have a local DNS server? The best bet would be to create an internal dns record and have their domain point to the internal IP address so the traffic doesn't leave the router at all. You can also use host entries on each workstation if they don't have that many hosts.

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Ronni Feldt
Level 1
Level 1
In response to John Blakley

‎10-13-2011 11:57 AM

Hi John,

No there's no internal DNS server.

Although I can see your point in the traffic shouldn't leave the local network, where the web server is located, I'm seeking a solution, where I don't have to install and configure an internal DNS server or making changes to the hosts files on the clients.

Actually I just need to change the destination IP address, but I can't seem to find the right way.

- Ronni

0 Helpful

Kristian Alexander Brown
Level 4
Level 4

‎10-16-2011 01:14 AM

Change the nat config should work.

On fa0 use:

ip nat enable

On vlan 2 and 3 use:

ip nat enable

Tcp port 80 nat and all other nat config should be changed also:

Ip nat source static tcp (inside ip) 80 (outside ip, not interface name) 80 extendable

Etc

Etc

Also configure this:

Ip nat source list XXX interface fa0 overload

That works like a charm in many of my networks atleast.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents