05-15-2012 04:18 AM - edited 03-04-2019 04:21 PM
I have set up NAT on three subinterfaces, but when trying to browse to local servers, such as our web server, that have been translated, we get a prompt to log on to the router. I suspect these internal addresses should not be NATted for local users.
Sent from Cisco Technical Support iPad App
05-15-2012 05:29 AM
Hi,
If you're trying to access your internal server from your LAN with its public translated IP, that is normal behaviour.
Hairpinning is not supported on Cisco routers.
Regards.
Alain
05-16-2012 04:39 AM
Really? Is there any way to prevent this behavior? It seems odd that on a cheapo "router" this doesn't happen. Is there a more advisable way to configure NAT?
Sent from Cisco Technical Support iPad App
05-16-2012 04:47 AM
Hi,
Yes, really. I've heard of a NAT on a stick configuration to bypass this limitation, but I've never tried it, and sometimes it can be more trouble than good.
So use the private address when inside your LAN or use FQDN.
For the latter, as DNS rewrite should be configured by default on Cisco routers, you can leverage this feature by having an A record on an external DNS server, so when accessing the server from inside, the DNS reply from the outside DNS server should be rewritten to give you the private address of the server.
You could also use an internal DNS server with records for the internal server with the private address.
Regards.
Alain