Hi Guys,
I have a quick NAT question.
I'm doing basic outgoing dynamic NAT overloading to an outside address. (DSL)
I'm also doing some static NAT to direct connections to from the outside address to my mail server.
With the config; people from the internet can connect to my internet address on port 110 and all works well, forwarding it to my internal mail server.
But... I would like to extend this. I want to be able to sit on the local network and connect to the outside internet address on port 110. The router would then need to route my traffic from my inside address back inside to the mail server.
Why do I want to do this you ask? I want to be able to configure my mail client to the outside address and then no matter if I'm away from home or connected locally Ill get my data without needing to change settings on my laptop.
ps I know POP (110) is insecure over the net. If fact I am using secure IMAP but didn't want to complicate the example.
Here's a config snippit (using an 1800)
!
interface VLAN1
description Local LAN
ip address 192.168.0.254 255.255.255.0
ip nat inside
!
interface Dialer1
description Internet Connection
ip nat outside
ip inspect insp-fw-in in
ip inspect insp-fw-out out
!
ip nat inside source route-map NAT-MAP interface Dialer1 overload
ip nat inside source static tcp 192.168.0.123 110 interface Dialer1 110
!
ip access-list extended nat-outbound
remark NAT ACL
remark Permitted addresses to NAT
permit ip 192.168.0.0 0.0.0.255 any
remark External IP Address does not need natting (dont log its attempts)
deny ip host <outside IP> any
remark Deny All and log all other traffic trying to NAT
deny ip any any log
!
route-map NAT-MAP permit 1
match ip address nat-outbound
!
I do remember somewhere that Cisco had implemented a feature to enable this. Unfortunately I cant remember what it was called. Cant see to find it via google.
Any ideas would be appreciated.
Ben
