Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1824
Views
0
Helpful
3
Replies

Inside nat translations question (external ip to internal)

telsi
Level 1
Level 1

‎08-10-2011 02:23 PM - edited ‎03-07-2019 01:38 AM

Hi,

we are using a Cisco 886VA and are very happy... There is just one thing that we have not accomplished.

Outside interface = Dialer0

Inside Interface = FastEthernet = 10.0.0.1

Email Server on Inside Interface = 10.0.0.2

In order to receive emails we created nat rule:

ip nat inside source static tcp 10.0.0.2 25 interface Dialer0 25

Dialer0 negotiated ip, which is indeed a static ip. = 195.2.1.1

We entered dns record for email.domain.tld = 195.2.1.1 (external ip of Dialer0).

Accessing port 25 on email.domain.tld on outside will port forward to 10.0.0.2.

Fine.

But when inside, the dns record is resolved to external ip of dialer0.

How can we manage that on the inside when accessing 195.2.1.1 the internal ip 10.0.0.2 is accessed.

We don't want to have a internal dns with private ip.

On our old PIX this could be done with nat translation.

How can it be done on 886?

Any help is appreciated.

Thanks

Grischa

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎08-10-2011 02:49 PM

edited

0 Helpful

telsi
Level 1
Level 1
In response to Jon Marshall

‎08-10-2011 11:10 PM

Thanks Jon,

I thought it would be this way.

As far as I understand this post, accessing via public ip is not going to work. But it also says that there will be a possibility of one to one nat translations.

1. Use one to one static NAT translation for the private ip of the server which will enable DNS doctoring

What is meant by this?

Thanks

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to telsi

‎08-11-2011 12:01 AM

Hi,

NAT one to one is commonly used when you go from one autonomous system to another autonomous system and you need your source address when communicating to the destination to be a specific IP address but that IP address does not match your IP address layout. In which case you’d need to NAT one to one the source address to a destination address, in this case NAT one to one is commonly performed on both sides.

To configure a static one to one NAT translation you’ll need two key components; the inside host address (inside local) and the ip address of which the inside local address is to be translated to, (the inside global). Once you have this information you’ll use the "ip nat inside source static inside_local_ip outside_global_ip" command in global configuration mode.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card