Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
4937
Views
15
Helpful
14
Replies

Need to Access Apps from Inside network Using public IP

Go to solution
Ejaz Ahmed
Level 1
Level 1

‎05-28-2014 12:30 AM - edited ‎03-04-2019 11:02 PM

Hi all,

Please help me on this.

We have a Cisco router in our network. We have configured many port forwarding in the router and all are working fine. One of my application is forwarded to the port 8080 from outside to inside.  We can access that application from external network using the Public IP, also we can access the same from inside network using private IP. My requirement is, I need to access the same from inside network using Public IP. How can I do that??

 

Regards,

Ejaz Ahmed

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to Ejaz Ahmed

‎05-29-2014 02:24 AM

Hello

okay try doman-less nat instead.

here

res

Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

14 Replies 14

Go to solution
Richard Bradfield
Level 6
Level 6

‎05-28-2014 12:54 AM

This seems to be a DNS problem, I would think that from inside the DNS server would supply the inside IP address whereas Public users would use Public DNS with the Public IP. Another way would be from inside go out of a different Internet Router, so can be routed back in
0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Richard Bradfield

‎05-29-2014 07:16 AM

Hello

I believe it to do the way Domain NAT works regarding inside and outside nat order.

Accessing the application via the internal subnet is fine as no nat is occurring however when you need to access the same application via its external natted address from within the internel lan itself the way nat is perform could be the problem.

 

My understanding of this may be incorrect, so I hope someone on these forums will be able to validate these next steps:

 

Domain NAT
Inside nat - routing perform before NAT
Outside nat - Nat perform before routing

1) packet is indicted from a inside lan towards a natted outside IP address

2) Outside NAT occurs and  then RIB table lookup is performed then routed to destination inside ip

3 The returning packet performs a RIB table lookup first BEFORE NAT occurs and sees that the destination address is on its local subnet so  nat is NOT initiated on the returning path and routes locally

4) The returning packet will be dropped because by the router sees the returning packet scr address is different then the natted address the router is expecting.

 

Domain-less NAT

2 routing lookups are performed before and after translation so the returning packet will be successful due to these rib lookups and translation being preformed the same in either direction.

 

FYI - I have labbed this up regards Domain-less Nat and it seems to work - please review the attached file.

 

As I have stated this may be incorrect and I hope someone else could validate this.

res

Paul

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
domainless_nat.png
Preview file
46 KB

Go to solution
Ejaz Ahmed
Level 1
Level 1
In response to paul driver

‎05-29-2014 09:09 PM

Thanks again for the information......:) :) :)

0 Helpful

Go to solution
Thomas Panicker
Level 1
Level 1
In response to Ejaz Ahmed

‎06-30-2014 11:29 PM

Hi Ejaz,

FYI.

Try using Nat Virtual Interface which could provide a resolutions for your query.

Regards,

Thomas

 

Go to solution
paul driver
VIP
VIP

‎05-28-2014 03:16 AM

Hello

Sounds like Destination NAT could be applicable -  in relation to the order of NAT - however never tried this with domain NAT

inside nat - Routing first
outside nat - Nat occurs first

ip nat outside source static tcp (public-ip) (translated local-ip) 80

ip route (translated local-ip) 255.255.255.255 (public-ip)

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Ejaz Ahmed
Level 1
Level 1
In response to paul driver

‎05-28-2014 03:16 AM

Hi Paul,

Thank you for the reply. I have tried the same, but didn't work....

Regards,

Ejaz

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Ejaz Ahmed

‎05-29-2014 02:24 AM

Hello

okay try doman-less nat instead.

here

res

Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Ejaz Ahmed
Level 1
Level 1
In response to paul driver

‎05-29-2014 09:08 PM

Great.....!!!!!!!!!! It worked. Thank you so much Paul for the help. Now I can access the apps with the public IP from inside as well as outside. Many thanks.....

0 Helpful

Go to solution
Claudiu Negut
Level 1
Level 1
In response to Ejaz Ahmed

‎09-04-2014 02:06 PM

Ejaz,

 

Can you please post the config of the router with the changes in place that allows you to access inside apps using the public ip?

I have the same issue and i just can't make it work... I am missing something and i can't figure it out. My current config is attached.

 

Thanks,

Claudiu

sho_run_0.txt
Preview file
3 KB
0 Helpful

Go to solution
Ejaz Ahmed
Level 1
Level 1
In response to Claudiu Negut

‎09-13-2014 07:04 AM

Hi Claudiu,

Just saw your post...

Please see attached the config file.

 

Regards,

Ejaz

 

run_config.rtf
Preview file
4 KB
0 Helpful

Go to solution
Claudiu Negut
Level 1
Level 1
In response to Ejaz Ahmed

‎09-16-2014 11:01 PM

Thank you Ejaz!!!

i was missing the "no ip redirects" line on my router interfaces. Not sure how this works but now everything is fine.

 

again... Thank you!!!!

Best Regards,

Claudiu

0 Helpful

Go to solution
olumidekolawole1
Level 1
Level 1
In response to Ejaz Ahmed

‎02-24-2018 07:27 AM

Hi,

 

I am having a similar issue on my network. I needed to access a web application on my internal network from outside. I have ASA version 9 sitting on the inside. Here is my configuration, but it seems not working;

WEBSERVER: HRFOCUS
PUBLIC IP: 80.248.12.189
LOCAL IP: 192.168.16.28
Object network HRFOCUS
host 192.168.16.28
access-list outside-in extended permit ip any host 192.168.16.28
nat (inside,outside) static 80.248.12.178 service tcp 8080 8080
access-group outside-in in outside
 
Kindly assist me on this.
ASA CONFIG.docx
Preview file
16 KB
0 Helpful

Go to solution
Martin Carr
Level 4
Level 4

‎05-29-2014 06:13 AM

It's not a DNS problem, as he is connecting via IP!

I suspect the problem is the firewall does not permit port 8080 outbound?

Martin

0 Helpful

Go to solution
M-Square
Level 1
Level 1

‎05-30-2014 09:08 AM

Hi Ejaz,

We have encountered this type of req before and our answer was to use DNS Doctoring.  The below links describe the solution when using the ASA platform.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/71704-dns-doctoring-2zones.html

 

Hope this helps.

Cheers,
Merlin

0 Helpful
Top