10-24-2012 12:50 AM - edited 03-07-2019 09:38 AM
I have a server on the LAN with IP 192.168.10.10 and exposed it to the outside world with:
ip nat inside source static tcp 192.168.10.10 80 MyExternalIP 80 extendable
Now, when I type my external IP address in the browser, the website running on this server appears. However, this only works when the connection to my external IP comes from the outside. From the LAN, the connection cannot be established.
Please help and thank you in advance.
10-24-2012 01:35 AM
Hi,
This is a well-known issue already discussed here hundreds of times: Cisco enterprise model devices don't support NAT hairpinning. In your case, if the FQDN of the server is published on an external DNS server, you can leverage the DNS rewrite feature of the router and access this server by its fully qualified domain name from either inside or outside.
Regards.
Alain
Don't forget to rate helpful posts.
10-24-2012 01:39 AM
Hi,
Thank you for the fast answer.
But how do I do this? I tried with ip host ... but it doesn't work.
My router has an old IOS 12.3 and there is not even an ip dns command.
Regards,
Pawel
10-24-2012 01:47 AM
Hi,
There is nothing to do on the router; just enter the FQDN in the browser, not the public IP. But this can only work if your DNS A record is on an external device and your client is configured to use this DNS server.
Regards.
Alain
Don't forget to rate helpful posts.
10-24-2012 01:51 AM
But... I've already got that... I have an external DNS server (VPS) in the internet with DNS and some other services like mail and from the internet (ie. from home) I can access the server behind my Cisco with FQDN. Only not from LAN behind the router.
10-24-2012 01:55 AM
Oh! I understand! I need one more DNS (internal) which tells my computers in the LAN that the FQDN is 192.168.10.10.
Am I right?
10-24-2012 03:21 AM
Hi,
This is one of the workarounds, yes.
Regards.
Alain
Don't forget to rate helpful posts.
10-24-2012 01:56 AM
Hi,
I wonder if it is supported with a static PAT entry, but I'm sure it is with a static NAT.
Going to do some research and some testing.
Anyway, here are some workarounds: https://supportforums.cisco.com/thread/2003063
Regards.
Alain.
Don't forget to rate helpful posts.
10-24-2012 03:13 AM
@Pawel
The logic I see behind this is that when a packet moves from the LAN to the public IP and hits the (ip nat inside) interface, it first does routing and then NAT. So, following this, it routes first to the external IP, for which it has an ARP entry on that router, so it routes seeing it as directly connected and NAT never happens.
For this I think there are 2 workarounds apart from those discussed above:
1) The obvious one: your server should always be in a different VLAN.
2) Domainless NAT works sometimes, as it depends on the IOS version you are using:
You can use Domainless NAT, where the logic of routing first and then NAT does not apply thanks to the domainless feature, but for the IOS limitation I need to search:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
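The domainless (NAT Virtual Interface) workaround mentioned in the last post, sketched as an added example that is not from any poster in this thread. The interface names, access-list 1, the /24 mask and the existing overload rule are assumptions; MyExternalIP is the thread's own placeholder, and the commands are only available on IOS releases that include the NVI feature.

```cisco
! Added example. Assumed: FastEthernet0/0 = LAN (192.168.10.0/24),
! FastEthernet0/1 = WAN, access-list 1 = LAN clients, and an existing
! overload rule for outbound traffic. MyExternalIP is the thread's placeholder.
!
! --- Before: domain-based NAT (inside/outside), as in the original post ---
! interface FastEthernet0/0
!  ip nat inside
! interface FastEthernet0/1
!  ip nat outside
! ip nat inside source list 1 interface FastEthernet0/1 overload
! ip nat inside source static tcp 192.168.10.10 80 MyExternalIP 80 extendable
!
! --- After: NAT Virtual Interface, no inside/outside domains ---
! Remove the domain-based rules first so the two styles do not overlap.
no ip nat inside source static tcp 192.168.10.10 80 MyExternalIP 80 extendable
no ip nat inside source list 1 interface FastEthernet0/1 overload
!
interface FastEthernet0/0
 no ip nat inside
 ip nat enable
!
interface FastEthernet0/1
 no ip nat outside
 ip nat enable
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
! LAN clients are still overloaded onto the WAN address. For a LAN client
! reaching MyExternalIP this also rewrites the client source address, so
! the server's reply returns through the router instead of going straight
! back to the client on the same subnet.
ip nat source list 1 interface FastEthernet0/1 overload
!
! The same port forward as in the original post, in NVI syntax.
ip nat source static tcp 192.168.10.10 80 MyExternalIP 80 extendable
!
! Verify from privileged EXEC after a LAN client browses to MyExternalIP:
!  show ip nat nvi translations
```

Because the overload rule rewrites the client address, the web server's access log will show the router's public address for LAN visitors; the internal DNS record agreed on earlier in the thread avoids that and keeps the traffic off the router entirely.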