Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2452
Views
0
Helpful
3
Replies

Nat hairpin on router

spinellicisco
Level 1
Level 1

‎05-05-2011 03:33 AM - edited ‎03-06-2019 04:54 PM

Hi,

I have configured my cisco router 1841 with nat overload and static nat 1:1 to 2 lan client as follows:

1. LAN IP 192.168.1.2 navigate with WAN public IP, example 1.1.1.1                 - NAT Overload

ip nat pool natpool 1.1.1.1 1.1.1.1 netmask 255.255.255.0

ip nat inside source list 1 pool natpool overload

access-list 1 permit 192.168.1.0 0.0.0.255

2. LAN IP 192.168.1.132 navigate with an external public IP, example 5.5.5.5      - NAT Static

ip nat inside source static 192.168.1.132 5.5.5.5 extendable

The two lan client navigate without problem, but the hairpin test fail, in fact if I try to ping the ip 5.5.5.5 from the client 192.168.1.2 the ping is not permitted, but naturally the client with ip 192.168.1.2 is able to ping the ip 192.168.1.132.

I have configured the following route-map under the lan interface but the test fail the same

interface Vlan2

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip policy route-map Nat-loop

route-map Nat-loop permit 10

match ip address 102

set ip next-hop 192.168.1.132

access-list 102 permit ip host 192.168.1.2 host 5.5.5.5

I hope one of your kind help.

Best regard.

Fabio

Labels:
0 Helpful
3 Replies 3

PETER EIJSBERG
Level 1
Level 1

‎05-12-2011 02:35 PM

Sorry, hairpin NAT does not work.

0 Helpful

John Peterson
Level 1
Level 1
In response to PETER EIJSBERG

‎04-01-2012 01:27 AM

Hi,

Is that for all Cisco router? as I have a 877 and I'm trying to hairping traffic from my remote site VPN to then NAT outside my 877 to the internet.

0 Helpful

Jaaazman777
Level 1
Level 1
In response to PETER EIJSBERG

‎05-20-2012 11:20 PM

Is it the official opinion from Cisco?

Has smth changed from the past year?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card