09-28-2020 01:22 AM
Hello.
We have configured port forwarding and it works fine.
1. Port forwarding from the external Internet to the internal server, OK
2. Port forwarding from the external Internet to the domain address of the internal server, OK
3. Access to the internal server from the internal Internet, OK
4. Inaccessible to the domain address of the internal server from the internal Internet
That is, the current problem is number 4.
There seems to be a command to put something in the router, but I do not know what it is.
Thanks
router#show running-config
Building configuration...
Current configuration : 4198 bytes
!
! Last configuration change at 01:27:33 UTC Mon Sep 14 2020 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.200
ip dhcp excluded-address 192.168.1.201
ip dhcp excluded-address 192.168.1.202
ip dhcp excluded-address 192.168.1.14
ip dhcp excluded-address 192.168.1.99
!
ip dhcp pool DHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 85.93.5.142 8.8.4.4
lease 0 1
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-1146144679
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1146144679
revocation-check none
rsakeypair TP-self-signed-1146144679
!
!
crypto pki certificate chain TP-self-signed-1146144679
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FGL203920YG
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat inside source static udp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat inside source static tcp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat inside source static udp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat inside source static tcp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat inside source static udp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat inside source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
ip nat inside source static udp 192.168.1.14 5000 interface GigabitEthernet0/0 80
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 20 in
privilege level 15
login local
transport input ssh
transport output all
line vty 5 15
access-class 20 in
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
09-28-2020 02:00 AM
Hello,
--> Inaccessible to the domain address of the internal server from the internal Internet
Is the domain name of the internal server different for users that are trying to reach it internally than externally?
10-04-2020 05:11 PM
Hi,
I am sorry for the late reply.
The domains are the same.
10-04-2020 11:38 PM - edited 10-04-2020 11:39 PM
Hello
4. Inaccessible to the domain address of the internal server from the internal Internet
You will need to hairpin your NAT to accomplish this.
The most simplistic way would be to use domainless NAT instead:
Interfaces:
ip nat enable
no ip nat inside/outside
NAT commands:
ip nat source xxx
no ip nat inside xxx
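Added example, not part of any post in this thread: the domainless (NVI) conversion suggested above, written out against the NAT lines of the posted running-config. It assumes that access-list 1, which the posted output does not show, already matches 192.168.1.0/24, and that this IOS release accepts the `interface` keyword in `ip nat source static`.

```cisco
! Added example, not from the thread: NVI ("domainless") form of the posted NAT rules.
! Optional when working remotely: "reload in 15" first, "reload cancel" once verified.
!
! 1. Remove the legacy rules. If IOS reports that a mapping is still in use,
!    run "clear ip nat translation *" in exec mode and repeat.
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp 192.168.1.14 21 interface GigabitEthernet0/0 21
no ip nat inside source static udp 192.168.1.14 21 interface GigabitEthernet0/0 21
no ip nat inside source static tcp 192.168.1.14 20 interface GigabitEthernet0/0 20
no ip nat inside source static udp 192.168.1.14 20 interface GigabitEthernet0/0 20
no ip nat inside source static tcp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
no ip nat inside source static udp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
no ip nat inside source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
no ip nat inside source static udp 192.168.1.14 5000 interface GigabitEthernet0/0 80
!
! 2. Drop the inside/outside roles and enable NVI on both interfaces.
interface GigabitEthernet0/0
 no ip nat outside
 ip nat enable
interface GigabitEthernet0/1
 no ip nat inside
 ip nat enable
 ! Assumption: suppress ICMP redirects for traffic that enters and leaves this LAN port.
 no ip redirects
!
! 3. Re-create the same rules without the "inside" keyword.
ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat source static udp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat source static tcp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat source static udp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat source static tcp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat source static udp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
ip nat source static udp 192.168.1.14 5000 interface GigabitEthernet0/0 80
!
! 4. Verify from exec mode with: show ip nat nvi translations
```

Translations created under NVI are listed by `show ip nat nvi translations`, not by `show ip nat translations`.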
10-04-2020 11:50 PM
Hi
If configured like that, is there no problem with the operation of 1, 2, and 3?
The site is far away so you need to check in advance.
Thanks