NAT for server

speedy2003
Level 1

Hello,

Sorry for my English. I have one question. I have one server (web application) with IP 10.1.1.2. It's located in the internal network. But on the router "newROUTER" NAT is deployed from 10.1.1.2 to the global address 83.15.52.165 (DNS entry: app.example.com), thus it is accessible from the Internet.

If I want to open the address app.example.com from inside the network, it is not available. If I enter the IP address 10.1.1.2, the application is available. When I open the address app.example.com from another network or the Internet, app.example.com is available. I need advice on how to make the address 83.15.52.165 (app.example.com) available on the internal network.

Topology:

INTERNET -------- [newPORTAL router] --------- [newROUTER router] ---------- [switch] ------ [switch] -------  [server 10.1.1.2]

Part of the configuration is attached.

Thanks in advance

--------------------------newPORTAL -----------------------------------------------------------------------

interface Tunnel1

ip address 172.16.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

tunnel source Vlan11

tunnel destination 192.168.254.1

!

interface FastEthernet0

description $ETH-LAN$

ip address 83.15.37.199 255.255.255.240

ip access-group INTERNET in

ip access-group SPY out

no ip redirects

ip accounting output-packets

ip nat outside

ip inspect FWOUT out

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1

switchport access vlan 11

no ip address

!

interface FastEthernet2

switchport access vlan 4

no ip address

shutdown

!

interface FastEthernet3

switchport access vlan 11

no ip address

!

interface FastEthernet4

switchport access vlan 10

no ip address

no cdp enable

!

interface Vlan1

no ip address

!

interface Vlan4

no ip address

ip nat outside

ip virtual-reassembly

shutdown

!

interface Vlan11

ip address 83.15.52.161 255.255.255.248

!

ip classless

ip route 0.0.0.0 0.0.0.0 83.15.37.193

ip route 10.2.0.0 255.255.255.0 Tunnel3

ip route 10.2.1.0 255.255.255.0 Tunnel4

ip route 83.15.52.163 255.255.255.255 83.15.52.166

ip route 83.15.52.170 255.255.255.255 Vlan11

ip route 83.15.52.171 255.255.255.255 83.15.52.166

ip route 83.15.52.172 255.255.255.255 83.15.52.166

ip route 83.15.52.173 255.255.255.255 83.15.52.166

ip route 83.15.52.174 255.255.255.255 Vlan11

ip route 83.15.52.175 255.255.255.255 83.15.52.166

ip route 83.15.52.176 255.255.255.255 83.15.52.166

ip route 83.15.52.177 255.255.255.255 83.15.52.166

ip route 83.15.52.179 255.255.255.255 Vlan11

ip route 83.15.52.184 255.255.255.255 83.15.52.166

ip route 192.168.254.1 255.255.255.255 83.15.52.166

!

ip nat pool ipool 83.15.52.161 83.15.52.161 netmask 255.255.255.248

ip nat inside source route-map MAP-DEF pool ipool overload

ip nat inside source static 10.10.1.2 83.15.52.164

!

ip access-list extended INTERNET

permit ip any host 83.15.37.199

permit ip any host 83.15.52.174

permit ip any host 83.15.52.161

permit ip any host 83.15.52.163

permit ip any host 83.15.52.166

permit ip any host 83.15.52.170

permit ip any host 83.15.52.172

permit ip any host 83.15.52.183

permit ip any host 83.15.52.175

permit ip any host 83.15.52.177

permit ip any host 83.15.52.179

permit ip any host 83.15.52.181

permit tcp any host 83.15.52.162 eq www

permit tcp any host 83.15.52.162 eq 443

permit tcp any host 83.15.52.162 eq pop3

permit tcp any host 83.15.52.162 eq smtp

permit tcp any host 83.15.52.162 eq 465

permit tcp any host 83.15.52.162 eq 585

permit tcp any host 83.15.52.162 eq 993

permit tcp any host 83.15.52.162 eq 995

permit tcp any host 83.15.52.162 eq 8443

permit tcp any eq smtp host 83.15.52.162

permit tcp any eq www host 83.15.52.162

permit tcp any eq 443 host 83.15.52.162

permit tcp any host 83.15.52.165 eq www

permit tcp any host 83.15.52.165 eq 443

permit tcp any host 83.15.52.165 eq 943

permit tcp any host 83.15.52.165 eq 4502

permit tcp any host 83.15.52.165 eq 4503

permit tcp any host 83.15.52.165 eq 4510

permit tcp any host 83.15.52.165 eq 14510

permit tcp host 176.61.240.48 eq 10001 host 83.15.52.165

permit tcp any host 83.15.52.164 eq www

permit tcp any host 83.15.52.164 eq 443

permit tcp any host 83.15.52.164 eq smtp

permit tcp any host 83.15.52.164 eq 143

permit tcp any host 83.15.52.164 eq 4503

permit tcp any host 83.15.52.164 eq 4504

permit tcp any host 83.15.52.164 eq 4505

permit tcp any host 83.15.52.164 eq 4506

permit tcp any host 83.15.52.164 eq 4507

permit tcp any host 83.15.52.164 eq 4508

permit tcp any host 83.15.52.164 eq 4509

permit tcp any host 83.15.52.164 eq 4510

permit tcp any host 83.15.52.164 eq 4511

permit tcp any host 83.15.52.164 eq 4512

permit tcp any host 83.15.52.164 eq 4513

permit tcp any host 83.15.52.164 eq 4514

permit tcp any host 83.15.52.164 eq 4515

permit tcp any host 83.15.52.164 eq 4516

permit tcp any host 83.15.52.164 eq 4517

permit tcp any host 83.15.52.164 eq 4518

permit tcp any host 83.15.52.164 eq 4519

permit tcp any host 83.15.52.164 eq 4520

permit tcp any host 83.15.52.164 eq 4521

permit tcp any host 83.15.52.164 eq 4522

permit tcp any host 83.15.52.164 eq 4523

permit tcp any host 83.15.52.164 eq 4524

permit tcp any host 83.15.52.164 eq 4525

permit tcp any host 83.15.52.164 eq 4526

permit tcp any host 83.15.52.164 eq 4527

permit tcp any host 83.15.52.164 eq 4528

permit tcp any host 83.15.52.164 eq 4529

permit tcp any host 83.15.52.164 eq 4530

permit tcp any host 83.15.52.164 eq 4531

permit tcp any host 83.15.52.164 eq 4532

permit tcp any host 83.15.52.164 eq 943

permit tcp host 176.116.107.3 host 83.15.52.164

permit tcp host 217.119.123.21 host 83.15.52.164 eq 1433

permit tcp host 217.12.59.25 host 83.15.52.164

permit tcp host 176.116.107.43 host 83.15.52.164

permit tcp host 85.159.105.246 host 83.15.52.164

evaluate INTERNET_OUT

deny   ip any any

deny   ip any any log

ip access-list extended SPY

permit ip host 83.15.52.162 host 195.28.64.119

permit ip host 83.15.52.162 host 81.89.56.95

permit ip host 83.15.52.162 any reflect INTERNET_OUT

permit ip any any

no logging trap

access-list 1 remark BEGIN CONFIG ACCESS

access-list 1 permit 83.168.174.164 log

access-list 1 permit 192.168.0.0 0.0.255.255 log

access-list 1 deny   any log

access-list 1 remark END CONFIG ACCESS

access-list 102 deny   ip any 10.2.0.0 0.0.255.255

access-list 102 permit ip 10.10.0.0 0.0.255.255 any

access-list 103 permit ip any 10.2.0.0 0.0.255.255

access-list 181 permit udp any eq domain any log

access-list 181 permit udp any any eq domain log

cdp timer 120

cdp holdtime 240

!

route-map MAP-DEF permit 20

match ip address 102

match interface FastEthernet0

----------------------------- newROUTER ------------------------------------------------

interface Loopback1

no ip address

!

!

interface Tunnel3

ip address 172.16.0.2 255.255.255.252

ip nat outside

ip virtual-reassembly in

tunnel source Vlan1

tunnel destination 83.15.52.161

!

interface GigabitEthernet0/1/0

switchport mode trunk

no ip address

!

interface GigabitEthernet0/1/1

switchport access vlan 11

no ip address

!

interface GigabitEthernet0/1/2

switchport access vlan 3

no ip address

!

interface Vlan1

ip address 192.168.254.1 255.255.255.0

ip accounting output-packets

ip nat inside

ip virtual-reassembly in

!

interface Vlan4

ip address 10.1.1.1 255.255.0.0

ip access-group vlan4_acl_in in

ip access-group vlan_acl_out out

ip accounting output-packets

ip nat inside

ip virtual-reassembly in

!

interface Vlan11

ip address 83.15.52.166 255.255.255.248

ip nat outside

ip virtual-reassembly in

!

ip local pool VLAN4VPN-POOL 10.1.1.128 10.1.1.254

ip local pool VLAN1VPN-POOL 192.168.250.2 192.168.250.255

ip local pool VPN-POOL 192.168.254.240 192.168.254.253

ip forward-protocol nd

!

ip nat inside source static 192.168.254.2 83.15.52.162

ip nat inside source static 10.1.1.2 83.15.52.165

ip route 0.0.0.0 0.0.0.0 83.15.52.161

ip route 83.15.52.162 255.255.255.255 83.15.52.161

ip route 83.15.52.164 255.255.255.255 Tunnel3

!

ip access-list extended INTERNET

deny   ip 192.168.0.0 0.0.255.255 any

deny   ip 10.0.0.0 0.255.255.255 any log

permit ipinip any any

permit icmp any any

evaluate INTERNET_OUT

permit ip any host 83.15.52.166

ip access-list extended vlan4_acl_in

remark access to tech network IT and BIELYR to intelex BEGIN

permit ip host 10.1.1.10 host 192.168.254.3

permit ip host 10.1.1.10 host 192.168.254.100

permit ip host 10.1.1.4 host 192.168.254.3

permit ip host 10.1.1.4 host 192.168.254.100

remark access to tech network IT to intelex END

permit ip host 10.1.1.2 192.168.254.0 0.0.0.255

permit ip 192.168.252.0 0.0.0.255 10.1.0.0 0.0.255.255 log

permit ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255

permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255

permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255

permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255

permit ip 10.1.0.0 0.0.255.255 192.168.252.0 0.0.0.255

permit ip host 10.1.1.2 83.168.174.160 0.0.0.15

permit ip host 10.1.1.2 any

ip access-list extended vlan4_acl_out

remark access to tech network IT and BIELYR to intelex and PTZ BEGIN

permit ip host 192.168.254.3 host 10.1.1.10

permit ip host 192.168.254.3 host 10.1.1.4

permit ip host 192.168.254.100 host 10.1.1.4

permit ip host 192.168.254.100 host 10.1.1.10

remark access to tech network IT to intelex PTZ END

permit ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255

permit ip 192.168.254.0 0.0.0.255 host 10.1.1.2

permit ip 192.168.252.0 0.0.0.255 host 10.1.1.2

permit ip 10.1.0.0 0.0.255.255 192.168.252.0 0.0.0.255 log

permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255

permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255

permit ip any host 10.1.1.2

!

access-list 1 permit 192.168.0.0 0.0.255.255 log

access-list 1 deny   any log

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 23 permit 192.168.254.0 0.0.0.255

access-list 100 permit ip 192.168.254.0 0.0.0.255 83.15.52.160 0.0.0.7

access-list 100 permit ip 192.168.128.0 0.0.0.255 83.15.52.160 0.0.0.7

access-list 100 permit ip 192.168.250.0 0.0.0.255 83.15.52.160 0.0.0.7

access-list 100 permit ip 192.168.252.0 0.0.0.255 83.15.52.160 0.0.0.7

access-list 100 permit ip 192.168.253.0 0.0.0.255 83.15.52.160 0.0.0.7

access-list 102 deny   gre host 192.168.254.13 host 83.15.52.161

access-list 102 deny   ip any host 10.8.30.240

access-list 102 deny   ip any host 10.8.30.241

access-list 102 deny   ip any host 10.8.31.250

access-list 102 deny   ip any host 10.8.31.251

access-list 102 deny   ip any host 10.8.31.252

access-list 102 deny   ip any host 10.8.31.253

access-list 102 deny   ip any host 10.8.31.225

access-list 102 deny   ip any host 10.100.31.253

access-list 102 deny   ip any host 10.1.9.11

access-list 102 deny   ip any host 10.12.15.20

access-list 102 deny   ip any host 10.12.24.11

access-list 102 deny   ip any host 10.100.7.74

access-list 102 deny   ip any host 10.100.14.1

access-list 102 deny   ip any host 10.100.14.2

access-list 102 deny   ip any host 10.97.108.90

access-list 102 deny   ip any host 10.97.108.91

access-list 102 deny   ip any host 10.97.108.94

access-list 102 deny   ip any host 172.18.1.12

access-list 102 deny   ip any host 172.18.1.13

access-list 102 deny   ip any host 10.106.225.2

access-list 102 deny   ip 192.168.250.0 0.0.0.255 192.168.250.0 0.0.0.255

access-list 102 deny   udp any eq domain any eq domain

access-list 102 permit ip 192.168.128.0 0.0.0.255 any

access-list 102 permit ip 192.168.250.0 0.0.0.255 any

access-list 102 permit ip 192.168.251.0 0.0.0.255 any

access-list 102 permit ip 192.168.252.0 0.0.0.255 any

access-list 102 permit ip 192.168.254.0 0.0.0.255 any

access-list 102 permit ip 10.1.1.0 0.0.0.255 any

!

route-map MAP-DEF permit 20

match ip address 102

match interface Vlan11

13 Replies

It looks like a DNS problem.

Rather, it will be a problem in routing and NAT translation. What I actually need is that when the computer with the address "192.168.254.102" enters app.example.com, the request is routed to newPORTAL and returned to newROUTER.

The easiest way would be to create an internal dns record for app.example.com that points to 10.1.1.2

Could you tell me how to create an internal DNS record? I have my own physical DNS server. The DNS record app.example.com (83.15.52.165) is correct. Won't it cause me complications when accessing the Internet?

So external requests for app.example.com are being resolved on your internal DNS servers?

No, external requests are resolved on external DNS servers. Internal ones on internal; if not found, the requests are resolved on external DNS.

But I do not know whether this will help me. The application collects data from closed-circuit cameras; even if the source address for the cameras is set to 83.15.52.165:4510, then when I connect to the application via 10.1.1.2 I don't see any records, but via 83.15.52.165 I do.

So you can't even connect to 10.1.1.2:4510 from inside the LAN (same subnet)?

If I set the source to 10.1.1.2:4510, then the camera records are unavailable to people connecting from the Internet, but available from the internal network. Therefore, if I knew how to get to app.example.com from the internal network the same way as from the Internet, the problem would be solved.

I need to accomplish that when we enter app.example.com from the internal network, my request goes in this order: newROUTER -> newPORTAL -> 83.15.52.165 (NAT 10.1.1.2). It will look like I come from the Internet.

I'm asking if you can connect to 10.1.1.2:4510 from inside the LAN (same subnet). If so, just create an A record on your internal DNS server that points app.example.com to 10.1.1.2.

Internet users won't be able to access 10.1.1.2 natively since it is a private address.

We can do this another way and through the router but it is more complicated.

James

Yes, from inside the LAN I can connect to 10.1.1.2:4510.

Hi,

Create the record in your internal DNS server, then assign it as the primary DNS server in the TCP/IP properties and put the external one as secondary.

Regards.

Alain

Don't forget to rate helpful posts.


You can edit the hosts file on the local PC:

C:\Windows\System32\drivers\etc\hosts

Open it with Notepad (administrator privileges).

Add this mapping and save the file:

10.1.1.2    app.example.com

just to make sure it's a DNS problem.
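The two remedies the replies converge on (an internal A record, or a hosts-file override, both pointing app.example.com at 10.1.1.2) can be derived directly from the static NAT lines in the posted configs. The Python below is an added example written for this page, not code from the thread or from Cisco: it pulls the `ip nat inside source static` mappings and the edge ACL's per-address port permits out of an IOS-style excerpt (a constructed sample reusing lines from the configs above), emits the override lines, and classifies whether an internal client's connection would hairpin through the NAT address or reach the inside host directly. The function names, the `PUBLIC_NAMES` table and the RFC 1918 "inside" assumption are this example's own.

```python
"""Split-DNS helper for the hairpin-NAT situation in this thread.

Added example (not from the thread or Cisco): parses `ip nat inside source
static` lines and edge-ACL permits out of an IOS-style config, emits the
internal A-record / hosts-file lines the replies recommend, and classifies
what an internal client's connection will do for a given resolved address.
All function names are this example's own.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed sample: the lines relevant to the web server, lifted from the two
# configs posted above (static NAT on newROUTER, port permits on newPORTAL).
SAMPLE_CONFIG = """
ip nat inside source static 192.168.254.2 83.15.52.162
ip nat inside source static 10.1.1.2 83.15.52.165
ip access-list extended INTERNET
 permit tcp any host 83.15.52.165 eq www
 permit tcp any host 83.15.52.165 eq 443
 permit tcp any host 83.15.52.165 eq 4510
 permit tcp host 176.61.240.48 eq 10001 host 83.15.52.165
 permit ip any host 83.15.52.166
 deny   ip any any log
"""

# Names each public address carries in DNS. Only app.example.com is named in
# the thread; the dict shape is this example's assumption.
PUBLIC_NAMES = {"83.15.52.165": ["app.example.com"]}

STATIC_NAT_RE = re.compile(r"^\s*ip nat inside source static\s+(\S+)\s+(\S+)\s*$")
PERMIT_RE = re.compile(
    r"^\s*permit\s+(\w+)\s+(.+?)\s+host\s+(\d+\.\d+\.\d+\.\d+)(?:\s+eq\s+(\S+))?\s*$"
)
# IOS prints some well-known ports by name; normalise them to numbers.
PORT_NAMES = {"www": "80", "smtp": "25", "pop3": "110", "domain": "53"}


def parse_static_nat(config: str) -> dict[str, str]:
    """Return {outside (public) address: inside (private) address}."""
    mapping = {}
    for line in config.splitlines():
        m = STATIC_NAT_RE.match(line)
        if m:
            inside, outside = m.groups()
            mapping[outside] = inside
    return mapping


def parse_permitted_ports(config: str) -> dict[str, set[str]]:
    """Return {public address: {"proto/port", ...}} from extended-ACL permits.

    A permit without `eq` on the destination is recorded as proto/any; the
    source side (e.g. `host 176.61.240.48 eq 10001`) is ignored here.
    """
    ports: dict[str, set[str]] = defaultdict(set)
    for line in config.splitlines():
        m = PERMIT_RE.match(line)
        if not m:
            continue
        proto, _source, dst, port = m.groups()
        port = PORT_NAMES.get(port, port) if port else "any"
        ports[dst].add(f"{proto}/{port}")
    return dict(ports)


def split_dns_records(nat_map: dict[str, str], names: dict[str, list[str]]) -> list[str]:
    """Hosts-file / internal-zone lines: each public name resolves to its inside host."""
    return [
        f"{inside}\t{name}"
        for outside, inside in sorted(nat_map.items())
        for name in names.get(outside, [])
    ]


def path_for(client_ip: str, resolved_ip: str, nat_map: dict[str, str]) -> str:
    """Classify what an internal client's connection does after resolution.

    Assumes RFC 1918 space is "inside". 'hairpin' means an inside client sends
    to a NAT outside address, which in this thread's setup does not come back;
    'direct' means inside-to-inside, the path the split-DNS record creates.
    """
    if not ipaddress.ip_address(client_ip).is_private:
        return "external"
    return "hairpin" if resolved_ip in nat_map else "direct"


if __name__ == "__main__":
    nat = parse_static_nat(SAMPLE_CONFIG)
    for rec in split_dns_records(nat, PUBLIC_NAMES):
        print(rec)
    for dst, ports in parse_permitted_ports(SAMPLE_CONFIG).items():
        print(dst, "->", nat.get(dst, "(no static NAT)"), sorted(ports))
    # The poster's client 192.168.254.102 before and after the override:
    print(path_for("192.168.254.102", "83.15.52.165", nat))  # hairpin
    print(path_for("192.168.254.102", "10.1.1.2", nat))      # direct
```

Generating the override list from the NAT table rather than maintaining it by hand means a renumbered static NAT entry changes the internal zone with it; the port listing is there to confirm that whatever the internal record points at actually serves the same ports (4510 in the poster's case) as the public address does.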

Thanks for responding. Unfortunately the DNS record did not solve my problem.

I need to accomplish that when we enter app.example.com from the internal network, my request goes in this order: newROUTER -> newPORTAL -> 83.15.52.165 (NAT 10.1.1.2). It will look like I come from the Internet.

Now it only translates on newROUTER. I need to redirect it to newPORTAL and then have it returned to newROUTER.
