08-10-2010 07:09 PM - edited 03-04-2019 09:22 AM
Here is the situation:
We have a site with a small router (881), with a port forward set up for an application on a server which resides on the inside of the network. When they are outside of the network they access it using the external IP address and the port forward works correctly. If they bring the laptop onsite and try to use it, the program fails because it appears that the port forwarding no longer works.
I know this is because it is not hitting the PAT translations correctly. I have not been able to find any solution to make this work with a Cisco router when a program is using a static external IP address.
The issue is that this solution has worked for years using a SOHO router (Linksys/DLink).
The only path I have found is using DNS doctoring, but I would rather not have to do this. I'm just having a hard time believing that a cheap home router can do this, but we can't make a Cisco router provide the same functionality.
Hoping someone can help me with this....
08-10-2010 07:14 PM
Hello,
Please try creating NAT using NAT Virtual Interface. NAT virtual interfaces apply the NAT rules irrespective of the source of the packet.
Interface
 no ip nat inside
 ip nat enable
 exit
Interface
 no ip nat inside
 ip nat enable
 exit
Now, remove all NAT rules and re-enter them.
Hope this helps.
Regards,
NT
Note: For some reason, the email I sent from my email client got corrupted and only a part of the configuration showed up here.
Message was edited by: Nagaraja Thanthry
08-11-2010 05:16 PM
Nagaraja, this seems like the right path. I changed the NAT over to NVI, but it still doesn't appear to be working from the inside. My config now has:
! outside interface
interface FastEthernet0/0
 ip nat enable
! inside interface
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat enable
ip nat source list NATLIST interface FastEthernet0/0 overload
ip nat source static tcp 192.168.1.100 81 interface FastEthernet0/0 81
ip access-list extended NATLIST
 permit ip 192.168.1.0 0.0.0.255 any
Am I missing something?
08-11-2010 09:32 PM
I don't see how this would work unless you create the DNS entry in the internal DNS server. According to your config, the server and your internal LAN are using the same external interface (thus the same external IP) for the NAT. Traffic from your internal network will not flow out the router and then back in to the server when sharing the same external IP.
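A simplified model of the packet flow this thread is discussing, added here as an example and not posted by any participant or taken from IOS itself. It compares three router behaviours for a request to the public address: a forward tied to the outside interface (`domain`), destination rewrite only (`dnat_only`), and destination plus source rewrite (`hairpin`). The public IP, client addresses and mode names are constructed assumptions.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"             # constructed placeholder (RFC 5737), not from the thread
SERVER_IP, PORT = "192.168.1.100", 81  # inside server and port from the thread
INSIDE_PREFIX = "192.168.1."           # inside subnet 192.168.1.0/24 from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def translate(pkt, in_iface, mode):
    """Router's handling of a request to PUBLIC_IP:PORT; None means no rule matched."""
    if (pkt.dst, pkt.dport) != (PUBLIC_IP, PORT):
        return None
    if in_iface == "outside":
        return replace(pkt, dst=SERVER_IP)                 # ordinary port forward
    if mode == "dnat_only":
        return replace(pkt, dst=SERVER_IP)                 # destination rewritten, source kept
    if mode == "hairpin":
        return replace(pkt, src=PUBLIC_IP, dst=SERVER_IP)  # destination and source rewritten
    return None                                            # "domain": rule only fires on the outside interface

def client_connects(client_ip, in_iface, mode):
    """True if the client sees a reply from the address it originally contacted."""
    request = Packet(src=client_ip, dst=PUBLIC_IP, dport=PORT)
    delivered = translate(request, in_iface, mode)
    if delivered is None:
        return False
    if delivered.src.startswith(INSIDE_PREFIX):
        reply_src = SERVER_IP   # same subnet: server answers directly, bypassing the router
    else:
        reply_src = PUBLIC_IP   # reply goes back through the router, which restores the public address
    return reply_src == request.dst

if __name__ == "__main__":
    cases = [("198.51.100.7", "outside", "domain"),   # constructed outside client
             ("192.168.1.50", "inside", "domain"),    # constructed inside client
             ("192.168.1.50", "inside", "dnat_only"),
             ("192.168.1.50", "inside", "hairpin")]
    for ip, iface, mode in cases:
        print(f"{ip:13} via {iface:7} mode={mode:9} -> {client_connects(ip, iface, mode)}")
```

In this model the inside client only succeeds when the router rewrites the source as well, because otherwise the server's reply arrives from 192.168.1.100 rather than from the public address the client contacted.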
08-11-2010 09:41 PM
Hello,
Do you have a static IP on the outside interface? If yes, can you try:
no ip nat source static tcp 192.168.1.100 81 interface FastEthernet0/0 81
ip nat source static tcp 192.168.1.100 81 81
Regards,
NT
08-11-2010 09:49 PM
Btw, use debug ip packet or debug ip nat. This output would help you troubleshoot.
08-11-2010 11:12 AM
It doesn't sound like they are passing through the router when they are inside your network. It sounds like they are on the same subnet as the server.
If they are inside your network they will need to use the local IP address of the server to connect to it, not the external IP address.
08-11-2010 01:51 PM
The proper way is to create the DNS IN A record in your internal DNS server to point to the private IP address of the server.