08-30-2017 10:11 PM - edited 03-05-2019 09:04 AM
Hello,
I was hoping for some guidance from someone who can offer any. I am trying to get users to access devices through NAT from the inside using the external interface. I have tried a domainless NAT configuration as well but I am back to what I guess you'd call a more standard NAT as of now. I know DNS plays into this as well so thank you for your help.

The Windows domain is local.domain.com and the main local network is 192.168.10.0. Users get the primary DNS server through DHCP, which is 192.168.10.2, with 8.8.8.8 as secondary. We are hosting our public website on 192.168.10.5 and we can access the website from the outside fine, as I've updated the public DNS records to our ISP IP address, and from the inside as well as long as I point clients to the local IP address. There has to be a way to access the webpage from the inside using the outside IP, I would think.

Also, concerning ACLs 110 and 111, would adding the statement: [ permit ip 192.168.10.0 0.0.0.255 any ] when assigning them to GigabitEthernet0/1 in keep traffic flowing normally? Would I just need to add it to one or both ACLs? If there is anything else in the configuration that looks off, feel free to let me know. Thank you for your help.
08-31-2017 12:27 AM
Hello,
I am not clear on what you are asking. Your current configuration looks fine, and all your internal users should be able to access the public IP address of your website. Is that not the case?
When you use the FQDN of the website, it will probably first always resolve to the local IP address.
Can you clarify your question?
08-31-2017 12:53 AM - edited 08-31-2017 12:56 AM
Right now in the local DNS (Windows server) I have an A record of www.ourdomain.com pointing to 192.168.10.5 and it works, but if I change that record to our public IP or just try to type the public IP into the address bar, it will not load the website from the inside. When I type the public IP it asks me to log into the router through http. Everything loads with the website out of the building. Thanks for your assistance.
08-31-2017 01:18 AM
Hello,
ok, understood.
Try and change the static NAT entry:
ip nat inside source static tcp 192.168.10.5 80 interface GigabitEthernet0/1 80
to:
ip nat inside source static tcp 192.168.10.5 80 x.x.x.x 80 extendable
where x.x.x.x is the IP address of GigabitEthernet0/1.
08-31-2017 11:15 AM
I tried that and still no luck. I read somewhere that this isn't possible on my router but I do not know how accurate that is. I have a Cisco 1921 IOS router. It is still asking to log in to the router through http when I try accessing the webpage using the public IP address.
08-31-2017 12:07 PM
Hello,
what is the public IP address of the web site? I want to try and see if I can access it from the outside...
08-31-2017 12:13 PM - edited 01-30-2018 11:42 PM
I went back to domainless NAT again to see if it would work with the extendable added and still no luck.
All interfaces:
no ip nat inside/outside
ip nat enable on all
ip nat source list 1 interface GigabitEthernet0/1 overload
no ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat source static tcp 192.168.10.5 80 hidden 80 extendable
no ip nat inside source static tcp 192.168.10.5 80 hidden 80 extendable
So on and so on....
08-31-2017 12:34 PM
Hello,
when I type in the IP address, this is what I get:
Can you try to change your NAT entry to use port 443 instead of 80?
08-31-2017 01:02 PM
08-31-2017 01:07 PM
Hello,
that could be an issue. Try one port (I can connect on 80 and 8080, both get me to https://okcgcc.com)...