An easy way to manage this would be to create some object groups and networks to manage the access from device to NAT, and then to apply ACLs to allow and permit certain ports through to source.
To stop access just create an ACL to deny other traffic explicitly, and the ACL will only reference the allow rules.
Let me know if you want this written out and I'll post some more suggestions here.
Hope this helps!
We have a deployment on a customer site with a 1921 with 6 inbound IPs from the ISP, and several internal servers running web and mail inside on the network 10.10.10.x.
Computers inside the network can access the shared folders of the server by the full server name and network share name absolutely fine. However, when remote workers come in for the day and connect to the Wi-Fi, they cannot connect, as their laptops are configured to connect using the public IP address.
We understand there is an element of loopback or hairpinning needed to get this to work properly; however, we are unsure which configuration change to use on the 19xx router series. Usually we handle this on the ASA with the keyword dns in the NAT translation.
As an example, IP 10.10.10.4 is for public IP x.x.x.119, and IP 10.10.10.5 is for public IP x.x.x.120.
To get around the problem of internal users not being able to visit the website hosted locally, we have entered IP HOST www.example.com in the router config, which is a workaround. However, we need a resolution to this so that we can host internal mail servers and our remote workers can access their files when they come in for the day.
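The configuration below is an added example written for this thread; it is not taken from either post above and was not posted by the original authors. It puts together the two things discussed: the hairpin (inside clients reaching 10.10.10.4 and 10.10.10.5 via their public addresses) using IOS NAT Virtual Interface (domain-less NAT, `ip nat enable`) rather than the classic `ip nat inside`/`ip nat outside` pair, and the object-group ACL approach suggested in the first post to permit only the required ports in from the ISP. Everything not stated in the posts is an assumption: the ISP block x.x.x.112/29 with the router on x.x.x.113, GigabitEthernet0/0 as the ISP-facing interface, GigabitEthernet0/1 as the LAN interface, the ports chosen for the web and mail servers, and the names of the object groups and ACLs. Verify the hairpin in a lab with `show ip nat nvi translations` before relying on it at the customer site.

```cisco
! Added example, not from the original posts. Assumed addressing:
! ISP block x.x.x.112/29, router x.x.x.113, Gi0/0 = ISP, Gi0/1 = LAN.
!
interface GigabitEthernet0/0
 description ISP uplink (assumed interface)
 ip address x.x.x.113 255.255.255.248
 ip nat enable
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 description Inside LAN 10.10.10.0/24 (assumed interface)
 ip address 10.10.10.1 255.255.255.0
 ip nat enable
!
! Domain-less NAT (NVI): "ip nat enable" on both interfaces instead of
! "ip nat inside" / "ip nat outside". Translation is no longer tied to an
! inside->outside direction, so an inside client sending to x.x.x.119 has
! its destination rewritten to 10.10.10.4 and its source PATed to the
! outside address; the server's reply therefore comes back through the
! router and is untranslated. This is the IOS counterpart of the ASA
! hairpin the second post refers to.
ip nat source static 10.10.10.4 x.x.x.119
ip nat source static 10.10.10.5 x.x.x.120
ip nat source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
ip access-list standard NAT-INSIDE
 permit 10.10.10.0 0.0.0.255
!
! Object groups (IOS 12.4(20)T and later) as suggested in the first post.
! Group names and port choices are assumptions for this example.
object-group network PUBLIC-WEB
 host x.x.x.119
object-group network PUBLIC-MAIL
 host x.x.x.120
object-group service WEB-PORTS
 tcp eq www
 tcp eq 443
object-group service MAIL-PORTS
 tcp eq smtp
 tcp eq 993
!
! An inbound ACL on the ISP interface is evaluated before NAT, so it must
! match the public (pre-translation) addresses. Only the listed ports reach
! the servers; the final explicit deny only makes the drops visible in
! "show access-list" counters (the implicit deny would drop them anyway).
! The "established" and DNS lines are a minimal allowance for return
! traffic of connections the inside users opened; see the note below.
ip access-list extended OUTSIDE-IN
 permit object-group WEB-PORTS any object-group PUBLIC-WEB
 permit object-group MAIL-PORTS any object-group PUBLIC-MAIL
 permit tcp any any established
 permit udp any eq domain any
 deny ip any any log
```

Two caveats a practitioner will want before deploying this. First, the hairpinned traffic enters on Gi0/1 and never passes OUTSIDE-IN, so the inbound ACL does not protect the servers from the LAN; the servers also see the connection as coming from x.x.x.113 rather than from the laptop, which matters for server logs and any IP-based share restrictions. Second, `established` and the DNS line are a stopgap for return traffic of outbound sessions; on a 1921 with the security license, stateful inspection (CBAC `ip inspect` or Zone-Based Firewall) is the proper replacement and lets the inbound ACL be reduced to the two server permit lines plus the deny.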