Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
1
Replies

NAT internal Routing

sslack031
Level 1
Level 1

‎12-04-2014 10:07 AM - edited ‎03-07-2019 09:47 PM

Hi,

 

I have a Static NAT rule to allow ports 443 and 3389 in from public address for RDS enviroment.

I'm able make a connection from the outside to inside but if i was to request the connection from inside to outside and back in, i get a page cannot be displayed.

Pinging to Public DNS entry from inside the network i'm able to resolve the external IP address, but it doesn't seem to work if i'm browsing the webpage.

I've switched over a few of the PC's to use a seperate broadband connection and it works fine. So this draws me to believing it must be a NAT rule.

 

This is what i have.

 

ip nat pool WIGAN 218.232.95.154 218.232.95.158 netmask 255.255.255.248
ip nat inside source list 98 pool WIGAN overload
ip nat inside source list 110 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.245 443 218.232.95.156 443 extendable
ip nat inside source static tcp 192.168.1.241 25 218.232.95.157 25 extendable
ip nat inside source static tcp 192.168.1.241 80 218.232.95.157 80 extendable
ip nat inside source static tcp 192.168.1.241 143 218.232.95.157 143 extendable
ip nat inside source static tcp 192.168.1.241 443 218.232.95.157 443 extendable
ip nat inside source static tcp 192.168.1.241 993 218.232.95.157 993 extendable
ip nat inside source static tcp 192.168.1.247 443 218.232.95.158 443 extendable
ip nat inside source static tcp 192.168.1.247 3389 218.232.95.158 3389 extendable

 

Any ideas?

 

Labels:
0 Helpful
1 Reply 1

ghostinthenet
Level 7
Level 7

‎12-09-2014 06:14 PM

With traditional inside/outside NAT, this doesn't work. What you're trying to do is called hairpinning and isn't supported. If you really need to be able to access your internal resources using the outside addresses, you can try switching to a NAT Virtual Interface (NVI) configuration to accomplish this.

The configuration is similar to what you have except that you leave the "inside" portion of the command off of all of your NAT definitions. You also need to remove "ip nat inside" and "ip nat outside" from the relevant interfaces and replace them with "ip nat enable" instead.

Give that a try and see if it solves things for you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card