Server exposed to the world through NAT is not visible from the

pswinczak · ‎10-24-2012

I have a server on your LAN have IP 192.168.10.10 and put it upon the world by

ip nat inside source static tcp 192.168.10.10 80 MyExternalIP 80 extendable

Now, when I type my external IP address in the browser it appears website running on this server. However, this only works in the case when the link with my external IP from the outside. From the LAN connection can not be established.

Please help and thank you in advance.

cadet alain · ‎10-24-2012

Hi,

this is a well known issues already discussed here hundreds of time: Cisco enterprise model devices don't support NAT hairpinning. In your case if the FQDN of the server is published on external DNS server you can leverage the DNS rewrite

feature of the router and access this server by its fully qualified domain name either on inside or outside.

Regards.

Alain

Don't forget to rate helpful posts.

pswinczak · ‎10-24-2012

Hi,

Thank you for fast answer.

Bud how do I have to do this? I tried with ip host ... but id doesn't work.

My router has an old iOS 12.3 and there is no ip dns command even.

Regards,

Pawel

cadet alain · ‎10-24-2012

Hi,

there is nothing to do on the router, just enter the FQDN in the browser not the public IP but this can only work if your DNS A record is on an external device and your client is configured to use this DNS server.

Regards.

Alain

Don't forget to rate helpful posts.

pswinczak · ‎10-24-2012

But... I've already got that... I have an external DNS server (VPS) in the internet with DNS and some other services like mail and from the internet (ie. from home) I can access the server behind my Cisco with FQDN. Only not from LAN behind the router.

pswinczak · ‎10-24-2012

Oh! I understand! I need one more DNS (internal) wchich tell my computers in LAN that FQDN is 192.168.10.10.

Have I right?

cadet alain · ‎10-24-2012

Hi,

this is one of the workaround, yes.

Regards.

Alain

Don't forget to rate helpful posts.

cadet alain · ‎10-24-2012

Hi,

I wonder if it supported with a static PAT entry but i'm sure it is with a static NAT.

Gonna do some research and some testing.

Anyway here are some workarounds:https://supportforums.cisco.com/thread/2003063

Regards.

Alain.

Don't forget to rate helpful posts.

atchaudh · ‎10-24-2012

@Pawel

what is see the logic behind this is that what i see is when packet moves from LAN to to PUBLIC IP and hits the (Ip nat inside ) INterface it first do routing and then natting . So moving with this when it routesfirst to the external ip for which it has a arp entry on that router so it routes seeing it as directly connected and nat never happens .

Fo thisr i think 2 Woraround for this apart from discussed above :

1) Which is obvious that your Server should be in diff Vlan always .

2) Domainless NAT works sometimes as it is dependent on IOS version you are using :

You can use Domainless NAT where no Logic of Routing first and then natting comes due to Domainless feature but for IOS limitation i need to search for this :

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html

Server exposed to the world through NAT is not visible from the LAN.