The contents of the routing table:

SR520#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C    192.168.75.0/24 is directly connected, Vlan75
S    192.168.10.0/24 [1/0] via 192.168.75.9
     195.190.249.0/32 is subnetted, 1 subnets
C       195.190.249.28 is directly connected, Dialer0
     10.0.0.0/24 is subnetted, 2 subnets
S       10.1.10.0 [1/0] via 192.168.75.9
S       10.1.1.0 [1/0] via 192.168.75.9
     OUR_IP_NET/32 is subnetted, 1 subnets
C       OUR_IP_ADDRESS is directly connected, Dialer0
S*   0.0.0.0/0 is directly connected, Dialer0

And the contents of the nat translation table.

This is while doing two things:

1) making a connection from an outside server to our IP address on :22

2) making a connection from an inside machine to our IP address on :22

The inside machine is 192.168.75.14

The :22 NAT mapping goes to 192.168.75.3

I have removed our IP addresses from the list, and only the :22 lines are shown.

Is this a firewall issue somehow? Is the firewall blocking the connection from inside to inside?

Eljakim

SR520#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp OUR_IP:22  192.168.75.3:22    192.168.75.14:2162 192.168.75.14:2162
tcp OUR_IP:22  192.168.75.3:22    OUTSIDE_SERVER:44049 OUTSIDE_SERVER:44049
tcp OUR_IP:22  192.168.75.3:22    ---                ---

Hi Darryl,

it's not a domain name rewrite that I want to do! And I definitely don't want all traffic

to go to 192.168.75.3.

I just don't want my users to have to remember to change their settings based on

whether they're inside or outside the office.

I have a feeling that this is a firewall rule issue somehow, and that it's related

to my other issue, https://www.myciscocommunity.com/thread/1773.

Maybe it'll be resolved once I figure out how to resolve the other issue.

Eljakim

Hi Eljakim,

Did you open a case from TAC as suggested on your other thread? If solving your other issue does not help this one as well, please let us know.

Thank you,

Cisco Moderation Team

Hi moderator,

unfortunately I have not been able to open a TAC case yet.  See Incident: 090311-001943 which has been open for a week now. It appears as though the web-team is unable to help with the Cisco website in making my way through it. I am still hoping for answers...

Once I have a TAC I'll let you know here. Once there is a solution, I'll also post the solution.

Eljakim

Or if you don't have an internal DNS server or have only a few machines that need this modify the hosts file on the individual PCs

I think I'll just open a TAC.

The issue is:

a) we run no internal DNS (and don't want to go for tricks where the IP address that is returned for a domain name is different when inside the firewall compared to outside)

b) we have many different consultants running in and out of our office, so modifying the hosts file also won't work

It used to work on other platforms, so I guess it is possible.

(And yes, if I sound skeptical: last time we asked something 'hard' we received an extensive explanation

in the TAC as to why what we wanted was impossible, and that was just the way TCP/IP worked... It

turned out that it was something that worked immediately after we upgrade the SR520 firmware)

Anyway, thanks for all your reponses! Once I know how to do this I'll post a solution.

Eljakim