Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1797
Views
0
Helpful
5
Replies

cannot access internal web server from same lan

nika.pitskhelauri
Level 1
Level 1

‎11-01-2011 03:54 AM

i cant resolve one problem in may 1921 ISR router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it works fine but i cannot view that site from internal workstations can you suggest me what to do. i need packets to go out the outgoing interface of router and then come back and enter the static nat wich will direct to the web server is it possible?

static nat is

ip nat inside source static tcp  <local web server adress> 80 <global address> 80

also i have set up dinamic nat for outgoing trafic

ip nat inside source list <access-list> interface <outgoing interface>   

and it is working fine too.

on external interface i have nat outside

on internal interface i have nat inside

Labels:
0 Helpful
5 Replies 5

nika.pitskhelauri
Level 1
Level 1

‎11-01-2011 07:37 AM

i made some tests and i found out that when i am trying to open that web site from internal host router is not performing nat

0 Helpful

douhanm
Level 1
Level 1
In response to nika.pitskhelauri

‎11-06-2011 05:49 AM

This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic

Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler

M

Sent from Cisco Technical Support iPad App

0 Helpful

nika.pitskhelauri
Level 1
Level 1
In response to douhanm

‎11-06-2011 08:27 AM

thenx for relplay i will test that, but i dont undersand what do you meen under can you not use bind with views? I should use that stuff on my dns or should

not, or something else?

0 Helpful

nika.pitskhelauri
Level 1
Level 1
In response to douhanm

‎11-08-2011 06:04 AM

Config what i set up

int loopback 0

   ip address 10.10.10.10 255.255.255.252

   ip nat outside

ip access-list extended (name)

   permit 80 any x.x.x.x (i tryed both global adress and server local)

roure-map (name) permit 10

  match ip address (access-list name)

  set ip next-hop 10.10.10.10

Int g0/1

  ip policy route-map (name)

But it does not helped

0 Helpful

Arun Nair
Level 1
Level 1
In response to nika.pitskhelauri

‎11-12-2011 04:28 AM

Hi Nika,

Are the internal server and end users in the same subnet? In that case, no need to send traffic to gateway, right? It should work perfectly fine.

Please let me know if I misread your topology.

Cheers

Arun

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents