05-05-2011 03:33 AM - edited 03-06-2019 04:54 PM
Hi,
I have configured my cisco router 1841 with nat overload and static nat 1:1 to 2 lan client as follows:
1. LAN IP 192.168.1.2 navigate with WAN public IP, example 1.1.1.1 - NAT Overload
ip nat pool natpool 1.1.1.1 1.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool natpool overload
access-list 1 permit 192.168.1.0 0.0.0.255
2. LAN IP 192.168.1.132 navigate with an external public IP, example 5.5.5.5 - NAT Static
ip nat inside source static 192.168.1.132 5.5.5.5 extendable
The two lan client navigate without problem, but the hairpin test fail, in fact if I try to ping the ip 5.5.5.5 from the client 192.168.1.2 the ping is not permitted, but naturally the client with ip 192.168.1.2 is able to ping the ip 192.168.1.132.
I have configured the following route-map under the lan interface but the test fail the same
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip policy route-map Nat-loop
route-map Nat-loop permit 10
match ip address 102
set ip next-hop 192.168.1.132
access-list 102 permit ip host 192.168.1.2 host 5.5.5.5
I hope one of your kind help.
Best regard.
Fabio
05-12-2011 02:35 PM
Sorry, hairpin NAT does not work.
04-01-2012 01:27 AM
Hi,
Is that for all Cisco router? as I have a 877 and I'm trying to hairping traffic from my remote site VPN to then NAT outside my 877 to the internet.
05-20-2012 11:20 PM
Is it the official opinion from Cisco?
Has smth changed from the past year?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: