03-11-2022 06:10 AM - edited 03-11-2022 12:45 PM
Hi all,
I am trying to set up NAT hairpinning in order to access port-forwarded hosts by referencing the outside interface's IP address.
The purpose of this is to forgo setting up split DNS in edge sites that have locally hosted web apps that need to be accessed internally and externally without split DNS.
Here is my existing NAT config:
interface GigabitEthernet0/0/0
ip address dhcp
ip nat outside
ip access-group WAN-ACL-IN in
negotiation auto
no cdp enable
!
ip access-list standard NAT
10 permit 192.168.4.0 0.0.0.255
interface Vlan40
ip address 192.168.4.254 255.255.255.0
ip nat inside
!
ip nat inside source static tcp 192.168.4.1 443 interface GigabitEthernet0/0/0 443
ip nat inside source static tcp 192.168.4.1 80 interface GigabitEthernet0/0/0 80
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
Any suggestions to get this up and running would be greatly appreciated!
Thanks in advance
03-11-2022 09:47 AM
Hello
Try the following:
no ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
no ip access-list standard NAT
!
! Loopback acts as the NAT "inside" interface for hairpinned traffic
interface Loopback0
 ip address 169.254.255.254 255.255.255.255
 ip nat inside
!
route-map PBR
 set interface Loopback0
!
! LAN-facing SVI becomes NAT "outside" and policy-routes traffic via the loopback
interface Vlan60
 no ip nat inside
 ip nat outside
 ip policy route-map PBR
!
ip access-list extended Public-NAT
 deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.4.0 0.0.0.255 any
!
ip access-list extended Hairpin-NAT
 permit ip 192.168.2.0 0.0.0.255 host 192.168.2.1
 permit ip 192.168.4.0 0.0.0.255 host 192.168.2.1
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
ip nat inside source list Public-NAT interface GigabitEthernet0/0/0 overload
ip nat inside source list Hairpin-NAT interface GigabitEthernet0/0/0 overload
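To see why the static port forwards in the original post do not give inside hosts a working hairpin on their own, and what the extra source translation behind the loopback/PBR approach in the reply changes, here is an added Python model of the two translations (not code from either post; the outside address 203.0.113.10 and the client addresses are constructed placeholders):

```python
from dataclasses import dataclass, replace

# Constructed placeholder for the DHCP address Gi0/0/0 receives (not on the page).
OUTSIDE_IP = "203.0.113.10"
ROUTER_OWNED = {OUTSIDE_IP, "192.168.4.254"}     # Vlan40 address from the post
INSIDE_NET = "192.168.4."
# The post's static port forwards: outside port -> (inside host, port)
PORT_FORWARDS = {443: ("192.168.4.1", 443), 80: ("192.168.4.1", 80)}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def forward_nat(pkt: Packet, hairpin_snat: bool) -> Packet:
    """Router translation for a packet aimed at the outside address.
    hairpin_snat=False models the original config: static DNAT only.
    hairpin_snat=True also rewrites an inside source to the outside
    address, which is the effect the loopback/PBR trick produces."""
    if pkt.dst != OUTSIDE_IP or pkt.dport not in PORT_FORWARDS:
        return pkt                      # no translation rule matches
    host, port = PORT_FORWARDS[pkt.dport]
    out = replace(pkt, dst=host, dport=port)
    if hairpin_snat and pkt.src.startswith(INSIDE_NET):
        out = replace(out, src=OUTSIDE_IP)
    return out

def reverse_nat(original: Packet) -> Packet:
    """Undo both translations for a reply that reaches the router."""
    return Packet(original.dst, original.dport, original.src, original.sport)

def client_gets_valid_reply(client_ip: str, hairpin_snat: bool) -> bool:
    """client_ip connects to OUTSIDE_IP:443. True if the SYN-ACK it
    receives matches the connection it opened (src OUTSIDE_IP:443)."""
    client = Packet(client_ip, 50000, OUTSIDE_IP, 443)
    fwd = forward_nat(client, hairpin_snat)
    # The server answers the tuple it saw, swapped.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    # Same-subnet destination: the server delivers directly, bypassing the router,
    # so the untranslated reply (from 192.168.4.1:443) reaches the client.
    direct = reply.dst.startswith(INSIDE_NET) and reply.dst not in ROUTER_OWNED
    seen = reply if direct else reverse_nat(client)
    return seen.src == client.dst and seen.sport == client.dport
```

An inside client only gets a matching reply when the source is rewritten too; an outside client never needed the extra translation, which is why the port forwards already work from the internet.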