Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
4
Helpful
3
Replies

Connecting to my hosted websites

chris
Level 1
Level 1

‎01-11-2013 10:30 PM - edited ‎03-07-2019 11:03 AM

Hi guys,

Here's my setup:

- Cisco 1841 connected to the internet on fa0/1

- LAN connected to fa0/0/1 (switch port, connected to Vlan1)

On my LAN I have a webserver that houses different websites.

Those websites have DNS records that point to my public IP address, located on fa0/1.

From the outside I can reach the websites perfectly, but I can't reach them from the inside.

So it looks like I can't seem to connect from my local LAN address to the public ip address
on the Cisco (who then should NAT it to the correct server)

Could someone help me solve this issue?

Here is a snippet from my config:

--NAT--

ip nat inside source static tcp 192.168.0.3 80 interface FastEthernet0/1 80

ip nat inside source route-map Internet interface FastEthernet0/1 overload

--OUTSIDE INTERFACE--

interface FastEthernet0/1

description WAN

ip address dhcp

ip access-group WAN-IN in

ip multicast boundary Multicast-Filter

ip nat outside

duplex auto

speed auto

end

--INSIDE INTERFACE--

interface Vlan1

description LAN

ip address 192.168.0.254 255.255.255.0

ip access-group LAN-IN in

ip pim sparse-dense-mode

ip multicast boundary Multicast-Filter

ip nat inside

end

Thanks!

Chris

Labels:
0 Helpful
3 Replies 3

shamax_1983
Level 3
Level 3

‎01-11-2013 11:21 PM

Hi Chris,

This is normal behavior.

When you have two interfaces, one with "ip nat oustide" and the other with "ip nat inside", If a packet hits the "inside" interface with a destination address of "outside" interface, the packet gets dropped (by design) and that's how it works.

I have seen workarounds for this, like PBR ( policy based routing etc ) but they are a little bit tricky and messy.

But there is a new way of configuring NAT called NVI (Nat virtual Interface only supports IOS 12.3(14)T or later ) which can solve your issue. It removes "ip nat inside/outside" commands and uses a different set of configuration.

But you might have to redo your nat configuration.( shouldn't be too hard )

I found this nice article on the internet (Hats off to the author..), it shows you all the steps involved in changing the old NATs to NVI.

http://tech.jocke.no/2010/09/24/cisco-ios-nat-virtual-interface/

Let me know if you have more questions on this one.

Please rate this post if helpful

Shamal

0 Helpful

Andras Dosztal
Level 3
Level 3

‎01-11-2013 11:48 PM

Alternatively you may create new A records with the servers' private addresses in your internal DNS server, if you have one.


Sent from Cisco Technical Support Android App

shamax_1983
Level 3
Level 3

‎01-12-2013 12:30 AM

Agreed with Dosztal..

or you can change the host records on the PC you are using to connect to the servers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card