07-15-2013 09:50 PM - edited 03-07-2019 02:25 PM
Hi Team,
I have some Cisco 881 router configuration questions and would like some help from you.
I have a web server within my network and I had forwarded port 80 on the Cisco router WAN interface to allow
external connection to the web server. .
I have no problem connecting to this domain name from my home internet.
However, I noticed that I am not able to connect to the public domain name of this server from
my internal office network. Is there any configuration
settings required to allow this to work on my internal network? There is no firewall in my network. Please advise asap.
Below is the Cisco router running configuration .
Regards,
MayThu
Current configuration : 2445 bytes
!
! Last configuration change at xxxxx
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service password-recovery
!
hostnamexxxxxxx
!
boot-start-marker
boot-end-marker
!
enable password enable
!
no aaa new-model
!
!
!
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.12.1
!
ip dhcp pool lan
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 210.23.4.6 210.23.1.3
lease infinite
!
ip dhcp pool VOICE-POOL
import all
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 210.23.4.6 210.23.1.3
!
ip dhcp pool GUEST-POOL
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1
dns-server 210.23.4.6 210.23.1.3
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn xxxxx
!
!
!
interface FastEthernet0
description AUTONONOMOUS AIR
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
!
!
interface FastEthernet1
description AUTONOMOUS
switchport access vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
!
!
interface FastEthernet2
description AUTONONOMOUS AIR
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
!
!
interface FastEthernet3
description GUEST VLAN
switchport access vlan 3
!
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
interface Vlan2
description VOICE VLAN
ip address 192.168.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
interface Vlan3
description GUEST VLAN
ip address 192.168.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
no ip nat service sip udp port 5060
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.10.248 5500 interface FastEthernet4 5500
ip nat inside source static tcp 192.168.10.252 80 interface FastEthernet4 80
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255
!
!
!
!
snmp-server community xxxxx
snmp-serverxxxxx
!
control-plane
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password enable
login
!
scheduler max-task-time 5000
end
07-16-2013 02:32 AM
Hi,
If you have an internal DNS server then configure a A record with the private IP of the server on this.
Select this internal DNS server as primary and then when hosts on the inside will do name resolution they will get the private IP.
Regards
Alain
Don't forget to rate helpful posts.
07-16-2013 06:42 AM
Hi Alain,
Thanks for your help. We don't have internal server. Is that why internal network can't go? Should we have internal server?
Regards,
May Thu
07-16-2013 07:07 AM
Hi May Thu,
most of applications today requires DNS resolution. Your network can go without DNS but if you will run some web server such is Intranet or other applications for users so they will have to type IP instead of name.
Workaround for this is to edit hosts file on your machine and then you will get name resolution for your system.
Regards,
Jan
07-16-2013 07:19 AM
Hi,
if you rely on an external DNS server then the resolution will get you the external IP instead of the internal IP and in which case you can use NAT NVI config on your Cisco device to enable NAT hairpinning.
int vlan 1
no ip nat inside
no ip redirect
ip nat enable
int f4
no ip nat outside
no ip redirect
ip nat enable
no ip nat inside source list 1 interface FastEthernet4 overload
no ip nat inside source static tcp 192.168.10.248 5500 interface FastEthernet4 5500
no ip nat inside source static tcp 192.168.10.252 80 interface FastEthernet4 80
ip nat source list 1 interface FastEthernet4 overload
ip nat source static tcp 192.168.10.248 5500 interface FastEthernet4 5500
ip nat source static tcp 192.168.10.252 80 interface FastEthernet4 80
Regards
Alain
Don't forget to rate helpful posts.
12-28-2017 06:17 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide