how to enable nat exemption on 2821 router

cktechnology · ‎05-15-2012

I have setup nat on three sub interfaces but when trying to browse to local servers, such as our web server, that have been translate, we get a prompt to logon to the router. I suspect these internal addresses should not be natted for local users.

Sent from Cisco Technical Support iPad App

cadet alain · ‎05-15-2012

Hi,

if you're trying to access your internal server from your LAN with its public translated IP that is normal behaviour.

Hairpinning is not supported on cisco routers.

Regards.

Alain

Don't forget to rate helpful posts.

cktechnology · ‎05-16-2012

Really? Is there any way to prevent this behavior? It seems odd that on a cheapo "router" this doesn't happen. Is there an more advisable way to configure nat?

Sent from Cisco Technical Support iPad App

cadet alain · ‎05-16-2012

Hi,

yes really. I've heard on NAT on a stick configuration to bypass this limitation but I've never tried it and sometimes it can be more trouble than good.

So use the private address when inside your LAN or use FQDN.

For the latter, as DNS rewrite should be configured by default on Cisco routers you can leverage this feature by having an A record on an external DNS server and so when accessing the server from inside the DNS reply from the outside DNSserver should be rewritten to givez you the private address of the server.

You could also use an internal DNS server with records for the internal server with the private address.

Regards.

Alain

Don't forget to rate helpful posts.