External to internal IP Addressing

it · ‎02-21-2017

I am looking to allow my Cisco 891f the ability of being able to hit internal IP addresses using the Public IP Address. With my previous router I could use the public IP Address from the LAN and WAN when trying to connect to computers with external ports.

Example: previously I could enter xx.xxx.xxx.xxx:85 (external) to access my offices DVR both outside and inside the building. Now I have links to both the outside and inside IP Address:85 on my notebook.

This is an issue now due to having field workers that need to connect to our time keeping server both on and off-site, and trying to teach them how to change the IP Address to the server when entering the building is just too much with the amount of turn over in that department. Thanks to all who assist.

Sam Smiley · ‎02-21-2017

I know there is a way to route LAN traffic out to the outside interface of your router where it will do the port translation back to the service offered. However I have never seen a reliable way to do this, maybe someone will come along with the config for this on a single VLAN.

There is an interesting phenomenon with Cisco equipment in this scenario; if you create multiple VLANs this will work, below is a trace from my workstation to the web server for our office which is connected to the same switch as my workstation, just in a different VLAN.

C:\>tracert www.rockdale.com

Tracing route to www.rockdale.com [64.23.122.234]
over a maximum of 30 hops:

1    <1 ms     1 ms    <1 ms c3560e-v200-01-09-19-10.rockdale.com [10.19.9.1]
2     1 ms    <1 ms    <1 ms c2851isr-01-13-13-10.rockdale.com [10.13.13.1]
3     2 ms     1 ms     1 ms 64-232-122-125.customerip.cisco.net [64.232.122.125]
4 igate.rockdale.com [64.232.122.126] reports: Destination net unreachable.

Trace complete.

10.13.13.1 is the LAN interface of our router while 64.232.122.125 is the WAN interface of that same router. As I noted above there is a way to do it with a single VLAN I have never found the config.

Cheers,

Sam

it · ‎02-21-2017

Here I have the typical WAN setup and a single Vlan1 setup. You created a Vlan for one system? This gave you circular name/ip resolution? Thanks.

Sam Smiley · ‎02-21-2017

There is more than one system on the VLAN however you could do it for a single system. Yes, it creates the environment you want.

Cheers,

Sam

Georg Pauwen · ‎02-21-2017

Hello,

why not create a simple batch file and install a shortcut on the laptops/computers:

This batch file will open the internal address of the website when it is reachable (which is the case when the users are connected to the local LAN), and if not, the external address of the website:

@echo off
ping -n 1 (10.10.10.1) >nul
IF ERRORLEVEL 0 GOTO EXTERNAL
IF ERRORLEVEL 1 GOTO INTERNAL

:INTERNAL
start chrome http://10.10.10.1
GOTO end

:EXTERNAL
start chrome http://201.200.20.1
GOTO end

This example opens the Chrome browser, for Internet Explorer, it would look like this:

@echo off
ping -n 1 (10.10.10.1) >nul
IF ERRORLEVEL 0 GOTO EXTERNAL
IF ERRORLEVEL 1 GOTO INTERNAL

:INTERNAL
start iexplore.exe http://10.10.10.1
GOTO end

:EXTERNAL
start iexplore.exe http://201.200.20.1
GOTO end

it · ‎02-21-2017

The users are using an Apple iOS app to connect to our Time program. In the field they can hit the server from outside using the public, but not internally. The app has a settings toggle that is where you enter the IP Address for the server. This process is proving too difficult to these individuals. Thanks