11-18-2010 01:14 AM - edited 03-06-2019 02:06 PM
Hello, this is probably an easy question but I'm stuck. (All IP addresses are fake.)
External Block: 70.10.20.0/24
Internal Block: 192.168.10.0/24
I have a server with 192.168.10.50 and everyone in the network, servers and desktops can access this server. On the router I give it a nat translation
ip nat inside source static 192.168.10.50 70.10.20.50 extendable
so the outside world can access it, and they can and all seems to work fine. However, if I am on the private range, I cannot access it using the public IP address. Now, this isn't a major problem, however I cannot solve it so it does expose a lack in my knowledge.
Here are some other bits of info that might be useful
ip nat pool ionic-pool 85.159.85.2 85.159.85.2 netmask 255.255.255.128
ip nat inside source list 10 pool ionic-pool overload
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 10 permit 192.168.200.0 0.0.0.255
interface GigabitEthernet0/1.5
 description Public Range
 encapsulation dot1Q 70
 ip address 70.10.20.2 255.255.255.0
 ip access-group 101 out
 ip nat outside
 no ip mroute-cache
 standby ip 70.10.20.1
 standby priority 120
 standby preempt
interface GigabitEthernet0/3.2
 description Private Range
 encapsulation dot1Q 10 native
 ip address 192.168.10.2 255.255.255.0
 ip access-group OfficeWebTraffic in
 ip nat inside
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 standby 1 preempt
!
Thanks
11-18-2010 01:26 AM
Hi,
You are actually not supposed to contact your internal server from your internal network by its public IP address. Watch the sequence of steps that happens:
Note that even if the NAT box actually rerouted the packet back, it would create an unnecessary extra hop for all packets between you and the server because the communication would have to go through the NAT box instead of flowing directly.
Best regards,
Peter
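Added example, not part of the original thread and not Cisco code: a small Python model of the router's forwarding decision, built from the configuration posted in the question. It assumes the classic inside/outside NAT order of operations (outside-to-inside translates the destination before routing; inside-to-outside routes first, then translates the source); the client addresses 203.0.113.7 and 192.168.10.20 and the function names are constructed for illustration.

```python
import ipaddress

# Values taken from the configuration posted in the question.
STATIC_NAT = {"192.168.10.50": "70.10.20.50"}   # inside local -> inside global
PAT_ADDRESS = "85.159.85.2"                     # ionic-pool, overload
ACL_10 = ["192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24", "192.168.200.0/24"]
CONNECTED = {                                   # connected network -> (interface, NAT role)
    "70.10.20.0/24": ("GigabitEthernet0/1.5", "outside"),
    "192.168.10.0/24": ("GigabitEthernet0/3.2", "inside"),
}

def in_any(addr, networks):
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in networks)

def egress(dst):
    """Connected-route lookup. Assumption: everything else leaves via the outside interface."""
    for net, (name, role) in CONNECTED.items():
        if in_any(dst, [net]):
            return name, role
    return "GigabitEthernet0/1.5", "outside"

def forward(src, dst, ingress_role):
    """Return the packet as it would leave the router under the modelled NAT rules."""
    steps = []
    if ingress_role == "outside":
        # Destination translation happens only for packets arriving on 'ip nat outside'.
        global_to_local = {g: l for l, g in STATIC_NAT.items()}
        if dst in global_to_local:
            steps.append(f"dst {dst} -> {global_to_local[dst]}")
            dst = global_to_local[dst]
    out_if, out_role = egress(dst)
    if ingress_role == "inside" and out_role == "outside":
        # Source translation: the static entry wins, otherwise ACL 10 selects PAT.
        new_src = STATIC_NAT.get(src) or (PAT_ADDRESS if in_any(src, ACL_10) else src)
        if new_src != src:
            steps.append(f"src {src} -> {new_src}")
            src = new_src
    return {"src": src, "dst": dst, "out_if": out_if, "steps": steps}

if __name__ == "__main__":
    cases = [
        ("external client", "203.0.113.7", "70.10.20.50", "outside"),
        ("internal client", "192.168.10.20", "70.10.20.50", "inside"),
    ]
    for label, src, dst, role in cases:
        print(label, forward(src, dst, role))
```

In this model the internal client's packet keeps 70.10.20.50 as its destination and is sent out the public-range interface, so it never reaches 192.168.10.50; the external client's packet is the only one whose destination is rewritten.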
11-18-2010 01:36 AM
Thank you for your reply, I had a feeling this was what the end answer would be. So essentially, everyone internal uses the internal IP (or even a name pointing to that) and everyone external uses the external (or DNS entry) and internal will never use external. That's good enough for me, just thought I was missing something completely
Thanks for your time