12-19-2006 12:19 PM - edited 03-05-2019 01:24 PM
We need to allow users on our LAN to access various internal servers via their FQDN (for example, when accessing mail via mail.ourdomian.com) when they are in the building.
I understand the technique is called NAT redirection.
Is this set up by a series of 'IP NAT outside source' statements?
Example: Will 'ip nat outside source static tcp [public ip] 25 192.168.1.5 25' send the traffic to the LAN IP?
Is more needed to complete the setup?
Thank you for any input.
12-26-2006 08:30 AM
For your scenario you need to configure these steps:
1) An access list permitting the traffic from outside to inside, only if it is for the specified internal servers.
2) Mapping for outside hosts.
3) Mapping for the internal servers.
Refer to the following documents for implementing the above:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml
12-26-2006 01:14 PM
This is one of the "think simple" examples... we had the same scenario but didn't jump through NAT hoops to make it work. If you maintain your own internal DNS then simply add the external FQDN pointing to the internal LAN IP addresses to your internal DNS. When users are outside with their machines they will still use the ISP's external DNS and will be pointed to your external IP addresses. When users are on the LAN they will first check with the internal DNS but still receive a valid IP address, now an internal one.
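An added example, not part of the original post: a small audit of the split-DNS setup described above, comparing what the internal and external DNS views return for each FQDN. The record tables are constructed sample data (only mail.ourdomian.com and 192.168.1.5 come from the thread; the 203.0.113.x addresses and other host names are placeholders), and the function name and finding labels are hypothetical.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly (Python's is_private also matches
# documentation ranges such as 203.0.113.0/24, which would skew the result).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet

# Constructed sample answers from each DNS view for the same zone.
INTERNAL_VIEW = {
    "mail.ourdomian.com": "192.168.1.5",    # overridden to the LAN address
    "www.ourdomian.com": "203.0.113.10",    # still points at the public IP
}
EXTERNAL_VIEW = {
    "mail.ourdomian.com": "203.0.113.25",
    "www.ourdomian.com": "203.0.113.10",
    "vpn.ourdomian.com": "203.0.113.30",    # no internal record at all
    "files.ourdomian.com": "192.168.1.9",   # private address published
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(internal, external, lan):
    """Classify every FQDN seen in either view."""
    findings = {}
    for name in sorted(set(internal) | set(external)):
        inside, outside = internal.get(name), external.get(name)
        if outside is not None and is_rfc1918(outside):
            # Public DNS is disclosing internal addressing.
            findings[name] = "external-leaks-private"
        elif inside is None:
            # LAN clients get no answer from an authoritative internal zone.
            findings[name] = "no-internal-record"
        elif ipaddress.ip_address(inside) not in lan:
            # LAN clients are sent to the public IP, so the router
            # would have to translate the traffic back inside.
            findings[name] = "needs-nat-hairpin"
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    for fqdn, status in audit_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW, LAN).items():
        print(f"{fqdn:24} {status}")
```

Names reported as `needs-nat-hairpin` are the ones that would still depend on the NAT redirection asked about in the first post.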
12-26-2006 01:37 PM
Unfortunately, this is not my LAN to fully manage. Have already made internal DNS suggestion to LAN admin, but he didn't bite.
Up to me to jump through the hoops!