Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
8
Helpful
5
Replies

internal web server NAT Issue in cisco 881

may.thu
Level 1
Level 1

‎07-15-2013 09:50 PM - edited ‎03-07-2019 02:25 PM

Hi Team,

I have some Cisco 881 router configuration questions and would like some help from you.

I have a web server within my network and I had forwarded port 80 on the Cisco router WAN interface to allow

external connection to the web server. .

I have no problem connecting to this domain name from my home internet.

However, I noticed that I am not able to connect to the public domain name of this server from

my internal office network. Is there any configuration

settings required to allow this to work on my internal network? There is no firewall in my network. Please advise asap.

Below is the Cisco router running configuration .

Regards,

MayThu

Current configuration : 2445 bytes

!

! Last configuration change at xxxxx

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

no service password-recovery

!

hostnamexxxxxxx

!

boot-start-marker

boot-end-marker

!

enable password enable

!

no aaa new-model

!

!

!

memory-size iomem 10

!

!

ip source-route

!

!

ip dhcp excluded-address 192.168.12.1

!

ip dhcp pool lan

   network 192.168.10.0 255.255.255.0

   default-router 192.168.10.1

   dns-server 210.23.4.6 210.23.1.3

   lease infinite

!

ip dhcp pool VOICE-POOL

   import all

   network 192.168.11.0 255.255.255.0

   default-router 192.168.11.1

   dns-server 210.23.4.6 210.23.1.3

!

ip dhcp pool GUEST-POOL

   network 192.168.12.0 255.255.255.0

   default-router 192.168.12.1

   dns-server 210.23.4.6 210.23.1.3

!

!

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

license udi pid CISCO881-SEC-K9 sn xxxxx

!

!

!

interface FastEthernet0

description AUTONONOMOUS AIR

switchport trunk allowed vlan 1,2,1002-1005

switchport mode trunk

!

!

interface FastEthernet1

description AUTONOMOUS

switchport access vlan 2

switchport trunk allowed vlan 1,2,1002-1005

switchport mode trunk

!

!

interface FastEthernet2

description AUTONONOMOUS AIR

switchport trunk allowed vlan 1,2,1002-1005

switchport mode trunk

!

!

interface FastEthernet3

description GUEST VLAN

switchport access vlan 3

!

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex full

speed 100

!

!

interface Vlan1

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface Vlan2

description VOICE VLAN

ip address 192.168.11.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface Vlan3

description GUEST VLAN

ip address 192.168.12.1 255.255.255.0

  ip nat inside

ip virtual-reassembly

!

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

no ip nat service sip udp port 5060

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.10.248 5500 interface FastEthernet4 5500

ip nat inside source static tcp 192.168.10.252 80 interface FastEthernet4 80

ip route 0.0.0.0 0.0.0.0 dhcp

!

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.11.0 0.0.0.255

access-list 1 permit 192.168.12.0 0.0.0.255

!

!

!

!

snmp-server community xxxxx

snmp-serverxxxxx

!

control-plane

!

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

password enable

login

!

scheduler max-task-time 5000

end

Labels:
0 Helpful
5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

‎07-16-2013 02:32 AM

Hi,

If you have an internal DNS server then configure a A record with the private IP of the server on this.

Select this internal DNS server as primary and then when hosts on the inside will do name resolution they will get the private IP.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

may.thu
Level 1
Level 1
In response to cadet alain

‎07-16-2013 06:42 AM

Hi Alain,

Thanks for your help. We don't have internal server. Is that why internal network can't go? Should we have internal server?

Regards,

May Thu

0 Helpful

Jan Rolny
Level 3
Level 3
In response to may.thu

‎07-16-2013 07:07 AM

Hi May Thu,

most of applications today requires DNS resolution. Your network can go without DNS but if you will run some web server such is Intranet or other applications for users so they will have to type IP instead of name.

Workaround for this is to edit hosts file on your machine and then you will get name resolution for your system.

Regards,

Jan

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to may.thu

‎07-16-2013 07:19 AM

Hi,

if you rely on an external DNS server then the resolution will get you the external IP instead of the internal IP and in which case you can use NAT NVI config on your Cisco device to enable NAT hairpinning.

int vlan 1

no ip nat inside

no ip redirect

ip nat enable

int f4

no ip nat outside

no ip redirect

ip nat enable

no ip nat inside source list 1 interface FastEthernet4 overload

no ip nat inside source static tcp 192.168.10.248 5500 interface FastEthernet4 5500

no ip nat inside source static tcp 192.168.10.252 80 interface FastEthernet4 80

ip nat  source list 1 interface FastEthernet4 overload

ip nat  source static tcp 192.168.10.248 5500 interface FastEthernet4 5500

ip nat  source static tcp 192.168.10.252 80 interface FastEthernet4 80

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

fotismark
Level 1
Level 1
In response to cadet alain

‎12-28-2017 06:17 AM

savior lol
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card