NAT - local users should have access to local server through outside (global) IP

snikonenko
Level 1

Hi,

We have a 2911 router and a couple of global (internet) IPs. One IP address we use for our website, and the second IP we use for users. So we use NAT to translate local IPs to outside (NAT overload) for users, and static NAT translation for the website. Our website is accessible from outside, but LAN users can't get access to the server using the outside IP.

Test stand config:

interface GigabitEthernet0/0
 description LAN | Local Network
 ip address 2.2.2.254 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto

interface GigabitEthernet0/1
 description WAN
 ip address 1.1.1.254 255.255.255.0
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

interface GigabitEthernet0/2
 description DMZ
 ip address 5.5.5.254 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto

 

ip nat inside source route-map nat interface GigabitEthernet0/1 overload

ip nat inside source static tcp 5.5.5.5 80 1.1.1.5 80 extendable

ip route 0.0.0.0 0.0.0.0 1.1.1.100

!1.1.1.100 ISP DG

!172.172.0.0 - vpn ip pool

access-list 110 deny   ip 2.2.2.0 0.0.0.255 172.172.0.0 0.0.255.255
access-list 110 permit ip 2.2.2.0 0.0.0.255 any

 

route-map nat permit 10
 match ip address 110
 match interface GigabitEthernet0/1

 

The question is: is it possible to let users access the local website using the global IP 1.1.1.5?

Any suggestions?

 

2 Replies

snikonenko
Level 1

The problem is not solved, but I found that if the IP address on the outside NAT interface (in my config 1.1.1.254) is different from the IP pool that I use for translation for 7.7.7.5 for local 5.5.5.5 and 7.7.7.1 for any local 2.2.2.0 network (but in my config 1.1.1.5 and overload 1.1.1.254) and the ISP has a route to this pool, users from the local network can get access to the local server using the outside global IP.

 

Any comments?

And one more thing - I can't debug the ISP's router and I don't really understand how it works)
