06-25-2012 04:02 PM - edited 03-04-2019 04:47 PM
Is it possible to reach an IP inside global address from the inside network (or LAN) on a Cisco router when doing NAT?
The case is the following:
A client who doesn't have a DMZ told me he was having issues with his web application only from his LAN, meaning outside the LAN, on the internet, the application runs fine. The issue is that the public IP address is referenced on many links in the web application, and when people are using the application from the LAN they cannot reach the public IP address because this is being NAT-ed...
When packets to the public address reach the router's inside interface, I guess it is routing them instead of realizing that the public address is being statically NAT-ed...
The configs are as follows:
interface FastEthernet4
desc WAN
ip address 190.120.14.2 255.255.255.248
ip nat outside
!
interface Vlan1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static 192.168.1.27 190.120.14.4
There has to be some workaround to make this work... Again, the problem is: clients in the LAN cannot reach the statically NAT-ed address defined as inside global, so the clients cannot reach the local web server using the public NAT-ed address of the web server.
Thanks in advance,
Regards
Wilfredo Díaz
06-25-2012 06:47 PM
I am actually working on an issue that is the exact same thing. I have figured out the workaround for this issue with the general NAT setup where you define an outside and inside interface.
You can use the NAT virtual interface by using the ip nat enable command on the interfaces and removing the ip nat outside/inside commands.
You also need to change your NAT statement from:
ip nat inside source list
To:
ip source list ......
I have seen many weird things using the NVI interface. It seems buggy with IOS and I feel it may depend on your router and/or version of IOS. Currently I have everything configured, but my NAT statement doesn't keep the overload portion of the command in the running config even though I entered it.
If you decide to go this route you can confirm you are using the NVI interface by using the command:
Show ip nat nvi translations
If you see entries here, things are working correctly. You shouldn't see new entries under:
Show ip nat translations
I would like to work with you and anyone else on here to solve this problem. It sounds like many are still trying to find workarounds to browse to the inside global address to contact their internal server.
Elton
Sent from Cisco Technical Support iPhone App
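For reference, this is what the configuration from the question looks like after converting it to the NAT Virtual Interface (NVI) form described above; it is an added example, not configuration posted by anyone in the thread. The access list is assumed (the question references list 1 without showing it), and the domainless NVI statements use the `ip nat source ...` syntax that IOS accepts in place of `ip nat inside source ...`.

```cisco
! Original (domain-based NAT): LAN hosts cannot reach the inside global
! address 190.120.14.4, because a packet that enters on an "ip nat inside"
! interface and would leave through the same inside interface is never
! translated, so the router just routes it.
!
! NVI conversion (added example). If IOS refuses to remove a mapping with
! "%Dynamic mapping in use", run "clear ip nat translation *" first.
interface FastEthernet4
 description WAN
 ip address 190.120.14.2 255.255.255.248
 no ip nat outside
 ip nat enable
!
interface Vlan1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 no ip nat inside
 ip nat enable
!
! Assumed: the access list referenced as "list 1" in the question
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Replace the domain-based statements with their domainless equivalents
no ip nat inside source list 1 interface FastEthernet4 overload
no ip nat inside source static 192.168.1.27 190.120.14.4
ip nat source list 1 interface FastEthernet4 overload
ip nat source static 192.168.1.27 190.120.14.4
!
! Verification: a LAN client browsing to 190.120.14.4 should now show up
! in the NVI table ...
!   show ip nat nvi translations
! ... while the legacy table should gain no new entries:
!   show ip nat translations
```

Because NVI has no inside/outside distinction, any access list or route-map controlling which sources are translated carries all of the policy; keep list 1 as tight as the LAN actually requires.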
06-25-2012 08:51 PM
I couldn't even wait till tomorrow, I had to set up some virtual machines and the solution worked!!! (on GNS3) Worked like a charm xD
I had never seen that approach, thanks a lot... I knew there had to be a way... and thanks to you I have found it, you're awesome!... First thing in the morning I'm going to implement this (meanwhile I had set up a DMZ for the client that was having the problem, but I'm definitely going to try this on that network xD)
Regards
Wilfredo Diaz
06-25-2012 09:27 PM
Elton is absolutely correct. This is the only thing which can be performed from the networking side. Unfortunately, you lose the flexibility of being able to specify which interface is inside/outside, and probably some versions won't permit you to have route-maps for translation control. One more solution from the application point of view is split DNS.
Anyways, good that it's sorted out. But do keep the above issues in mind as well.
Regards
Vivek
06-26-2012 03:54 PM
Thanks for your comments they are being taken into consideration...
Regards