请问ISR 1000系列路由器怎么配置nat hairpin

weibin · ‎02-09-2025

我是一个小白，刚刚接触带思科路由器，现在已经配置好了pppoe和nat，外网用户可以正常访问到内网服务，但内网用户通过域名无法访问到服务，请问我要怎配置呢？

互联网 --- 路由器 --- 客户
            |
          服务器（192.168..x.x）

当前的配置：

interface Dialer1
 ip nat outside

interface Vlan20
 ip address 192.168.1.1 255.255.252.0
 ip nat inside

ip nat inside source static tcp 192.168.2.1 443 interface Dialer2 443

paul driver · ‎02-23-2025

Hello
You config for static PAT looks okay , maybe also add a default route and a dynamic pat statement of all others internal hosts to reach the internet.

conf t
ip route 0.0.0.0 0.0.0.0 dialer 1
access-list 10 deny host 192.168.2.1
access-list 10 permit 192.168.2.0 0.0.0.255
ip nat inside source list 10 interface dialer 1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Georg Pauwen · ‎02-23-2025

您好，哪些源IP地址可以访问Internet，哪些源IP地址不能访问Internet？另外，发布路由器的完整运行配置（sh run）...