tresdodi
Beginner

Connecting Across NAT Inside Networks through Outside Interface

I'm doing NAT between my WAN interface and two LAN networks: Services and Guest. Forwarding port 80 allows connections from the WAN to a web server in Services. Connecting from Guest to the web server through the WAN interface fails because the packet is not coming into the home router from a NAT outside network, which is expected. Is it possible somehow to access the web server from Guest through the WAN IP with this NAT setup in place?

 


Accepted Solutions
Georg Pauwen
VIP Expert

Hello,

Some sort of NAT hairpinning could work. You cannot do it in Packet Tracer, because PT does not support route maps or domainless NAT. The config could look something like below:

interface Loopback1
 description NAT-HAIRPIN
 ip address 169.254.1.1 255.255.255.255
 ip nat inside
!
route-map PBR-HAIRPIN permit 10
 set interface Loopback1
!
ip access-list extended ACL-HAIRPIN
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.2
!
ip access-list extended ACL-NAT
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 any
!
interface GigabitEthernet0/2
 ip address 10.1.1.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.2.1 255.255.255.0
 ip nat outside
 ip policy route-map PBR-HAIRPIN
!
ip nat inside source list ACL-NAT interface GigabitEthernet0/2 overload
ip nat inside source list ACL-HAIRPIN interface Loopback1 overload
ip nat inside source static tcp 192.168.1.2 80 10.1.1.2 80
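
An added example, not part of the original post: a small Python evaluator for the two access lists in the config above, reporting which NAT source list permits a given flow (first match wins, implicit deny at the end). The function names and the sample flows are assumptions made for this illustration, and it models ACL matching only, not the router's NAT or policy-routing order of operations.

```python
import ipaddress

# ACL lines copied from the answer's config; the flows in __main__ are constructed.
CONFIG = """\
ip access-list extended ACL-HAIRPIN
permit ip 192.168.2.0 0.0.0.255 host 192.168.1.2
ip access-list extended ACL-NAT
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take(tok):  # consume "any" | "host A" | "A WILDCARD" -> (base, wildcard)
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if head == "host" else (_ip(head), _ip(tok.pop(0)))

def parse_acls(text):
    # {acl_name: [(action, src_spec, dst_spec), ...]}; tok[1] is the protocol.
    acls, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "access-list", "extended"]:
            current = acls.setdefault(tok[3], [])
        elif tok and tok[0] in ("permit", "deny") and current is not None:
            rest = tok[2:]
            current.append((tok[0], _take(rest), _take(rest)))
    return acls

def _hit(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (spec[0] & care)

def evaluate(entries, src, dst):  # first match wins, otherwise implicit deny
    for action, s, d in entries:
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def nat_lists_permitting(src, dst):
    acls = parse_acls(CONFIG)
    return sorted(n for n, e in acls.items() if evaluate(e, src, dst) == "permit")

if __name__ == "__main__":
    for dst in ("192.168.1.2", "192.168.1.5", "10.1.1.2", "203.0.113.9"):
        print("192.168.2.10 ->", dst, nat_lists_permitting("192.168.2.10", dst))
```

Evaluated against the addresses as written, a Guest flow to 192.168.1.2 is permitted only by ACL-HAIRPIN, a Guest flow to any other Services host is permitted by neither list, and a Guest flow addressed to the WAN IP 10.1.1.2 is permitted only by ACL-NAT.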
