Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1417
Views
9
Helpful
3
Replies

Inside NAT to NAT help

justinlee21
Level 1
Level 1

‎07-09-2012 10:11 AM - edited ‎03-04-2019 04:55 PM

I'm trying to get (what I'm guessing is) inside NAT to NAT working. The users need to be able to RDP to a term serv by using the external WAN IP address only. So whether they are internal or external, they would use the WAN IP to access the terminal server (never using the local IP).

This would be pretty simple with an internal DNS Server, but we are using ISP provided DNS through our router. Google has lead me to believe that the command "ip nat inside source static 10.0.0.5 1.2.3.4" should work, but it doesn't. In fact, when I add it in there, I lose a lot of routing capability. The following are the NAT rules I have setup so far

ip nat inside source route-map nonat interface FastEthernet4 overload

ip nat inside source static tcp 10.0.0.2 443 1.2.3.4 443 extendable

ip nat inside source static tcp 10.0.0.5 3389 1.2.3.4 3389 extendable

After doing some googling for the last couple of days, I have tried and failed every method I've found. I attempted to setup a NAT Virtual Interface as mentioned on this post http://community.plus.net/forum/index.php?action=printpage;topic=75490.0, but once I removed the "ip nat inside source route-map nonat interface FastEthernet4 overload", I lost all new connections (seemingly because I had just disabled NAT somehow).

Any help would be greatly appreciated.

EDIT: Uploaded my current running config. If I ended up censoring something relavent, let me know.

Labels:
131234-config.txt.zip
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎07-09-2012 10:35 AM

Hi,,

this is called hairpinning( accessing an inside server which is natted by its natted adress from inside) and it is not available on Cisco routers but normally dns rewrite is available by default on Cisco routers and so if the external IP has a dns record on an external server then you should be able to access the serve by name from inside or outside.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

justinlee21
Level 1
Level 1
In response to cadet alain

‎07-09-2012 10:40 AM

I believe we have an 800 series router and I had run across some posts referring to Hairpinning and it being a feature ASA(I think). However, a number of other posts seem to think it was possible on the routers (such as the link I mentioned in my original post). If that's not the case, then I'll let me client know and we'll move-on.

Also, unfortunately there is no domain for this client. Everything is solely IP based.

0 Helpful

justinlee21
Level 1
Level 1

‎07-10-2012 06:52 AM

For those interested, I was able to resolve this problem using an 881 without any internal DNS solutions. I employed Cisco's NVI (Nat Virtual Interface) but had to add a "no ip redirect" to each interface with an IP address assigned to it.

Removed "ip nat outside/inside" from both interfaces and added "ip nat enable" and "no ip redirect". Added "ip nat source list INSIDE interface FastEthernet4 overload" and removed "ip nat inside source route-map nonat interface FastEthernet4 overload". I then copied the access-lists from "nonat" and added them into a new access-list called INSIDE.

Hopefully anyone else who has this problem may stumble upon this post and be able to resolve it with less google-fu than I needed.

Customers Also Viewed These Support Documents