
Hairpin IOS 15.x simply via SNAT entry?

digi076
Level 1

Hi all,

 

I've read a lot of discussions about Hairpin NAT for Cisco IOS routers. Mostly about creating an NVI, PBR or split DNS.

On my Mikrotik home router I was facing this issue as well but it was easy to enable a Hairpin NAT solution, see

https://wiki.mikrotik.com/wiki/Hairpin_NAT

 

Basically you create a SNAT entry next to the DNAT entry. I saw some discussion online (other forum) that somebody managed to do this on a Cisco router as well, but no examples were shown.

 

Is this possible on a Cisco IOS router? It seems way more simple than the other suggestions to create a Hairpin NAT rule.

 

Thanks !

 

 

3 Replies

Hello

Domain-less NAT (NVI) should be able to accommodate this, as the NAT order differs from domain-based NAT in that NVI NAT performs two route lookups, before and after NAT translation, thus internal hosts should be able to reach their own internal web server via its local destination NATted address.

 

Example:
! x/x and (wan) are placeholders for the real interface names
int x/x
description wan
ip address 1.1.1.1 255.255.255.0
ip nat enable

int x/x
description Lan
ip address 192.168.1.1 255.255.255.0
ip nat enable

! ACL 1: exclude the server, translate the rest of the LAN
access-list 1 deny host 192.168.1.10
access-list 1 permit 192.168.1.0 0.0.0.255

ip nat source static tcp 192.168.1.10 443 1.1.1.10 443
ip nat source list 1 interface (wan) overload




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
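
The hairpin problem this thread is about, as a small Python model added here (not code from any poster or from Cisco): it follows one request and its reply with only the DNAT entry, then with the extra SNAT entry described in the question. The server, public and router addresses come from the example config above; the client 192.168.1.20 and its port are constructed.

```python
from ipaddress import ip_address, ip_network

# Addresses from the example config in the thread; CLIENT is constructed.
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN = "192.168.1.1"
PUBLIC = ("1.1.1.10", 443)        # what LAN clients connect to
SERVER = ("192.168.1.10", 443)    # real host behind the DNAT entry
CLIENT = ("192.168.1.20", 50000)  # constructed internal client and port


def hairpin(snat: bool) -> dict:
    """Follow one request and its reply; report what the client receives."""
    # 1. Client sends to the public address via its default gateway (the router).
    src, dst = CLIENT, PUBLIC
    # 2. DNAT entry: public address/port is rewritten to the real server.
    if dst == PUBLIC:
        dst = SERVER
    # 3. Optional SNAT entry: LAN-sourced traffic hairpinned to the server
    #    leaves the router with the router's LAN address as source.
    if snat and ip_address(src[0]) in LAN:
        src = (ROUTER_LAN, src[1])
    state = {(src, dst): (CLIENT, PUBLIC)}  # router's translation table
    # 4. Server answers whatever source it saw. A LAN client is on-link, so
    #    that reply bypasses the router; a reply to ROUTER_LAN goes through it.
    reply_src, reply_dst = dst, src
    via_router = reply_dst[0] == ROUTER_LAN
    if via_router:
        orig_src, orig_dst = state[(reply_dst, reply_src)]
        reply_src, reply_dst = orig_dst, orig_src  # both rewrites undone
    # 5. Client only accepts a reply from the address it connected to.
    return {
        "server_saw": src[0],
        "via_router": via_router,
        "reply_from": reply_src[0],
        "accepted": (reply_src, reply_dst) == (PUBLIC, CLIENT),
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", hairpin(snat))
```

With the SNAT entry the server sees the router's LAN address as the source of every hairpinned connection, so its access logs no longer show which internal client connected.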

Hello Paul,

 

Thanks for your reply. OK, so it's not possible like the way I provided in my post? I read that NVI puts strain on the CPU, it's an 887 series router. Is NVI still the recommended method in this case?

 

 

Hello

Have a look at this previous post:

https://community.cisco.com/t5/routing/nat-/td-p/2475807

 



Kind Regards
Paul