RE: DNS and NAT

From: Nir Wittenberg (nwittenberg@msncomm.com)
Date: Tue Apr 20 2004 - 01:57:09 GMT-3


I think this is the solution I will try.

I will let all know how it turns out.

Thanks All.

-----Original Message-----
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: Saturday, April 17, 2004 10:54 PM
To: istong@stong.org; Tony Schaffran; Nir Wittenberg;
ccielab@groupstudy.com
Subject: RE: DNS and NAT

Another option is to bind the public IP address to the web server as a
second IP address... then add a /32 static route to the closest router
(to the web server) and propagate this route throughout the network.
This way the local hosts will be able to access this server via the
actual public IP address.

        -----Original Message-----
        From: nobody@groupstudy.com on behalf of istong@stong.org
        Sent: Fri 4/16/2004 11:42 PM
        To: Tony Schaffran; 'Nir Wittenberg'; ccielab@groupstudy.com
        Cc:
        Subject: RE: DNS and NAT
        
        

        I don't think that's the problem he is addressing.
        Certainly you can exclude your web server from the static
        nat and leave it as is but what usually is the case is you
        have a web server internally that is assigned a private IP
        address. It is then statically nat'd to a public address.
        
        The issue then becomes outside users get resolved to the
        server via the public address and internal users also get
        resolved to the outside public address. The PIX addresses
        it with the alias command and other DNS solutions.
        
        With a router doing the NATing the question was how can you
        configure it to deal with this issue. I'm not aware of a
        way to do it but there may be a way to do it. Aside from
        using the router you could use Split DNS and have an
        internal DNS server that resolves your internal private
        addresses and then refers to an outside DNS server for
        public addresses. Also you can configure static mappings in
        your local hosts file on the workstations as well.
        
        
        Ian
        http://www.ccie4u.com
        High End Rack Rentals and CCIE Lab Scenarios starting at $20
        
        
        
        
> This sounds like a problem with your NAT configuration. I
> have come across this situation several times with our
> customers.
>
> The problem has been that when they static NAT an internal
> IP, like their web server, they forget to exclude that
> address from the dynamic NAT pool.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> On Behalf Of Nir Wittenberg
> Sent: Friday, April 16, 2004 1:55 PM
> To: ccielab@groupstudy.com
> Subject: DNS and NAT
>
> Is there a solution within IOS to intercept DNS
> resolution? My issue is that I have hosts and a WWW
> server on the same segment. All are being NATed. The DNS
> servers sits outside of the Network/NAT and tells the rest
> of the enterprise the way to get to the WWW server use
> this global IP which has a static translation to the WWW
> server. The issue is that when the local hosts do a DNS
> lookup they are getting the global IP rather than the
> local IP.
>
> I know the PIX can do this with the dns and alias
> keywords but I am looking for an IOS solution.
>
> Thanks,
> Nir
> CCIE 12261
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

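The second-IP and /32 host-route option suggested in the thread, sketched as IOS configuration. This is an added example and not part of the original messages; the addresses (10.1.1.10 private, 203.0.113.10 public), the next hop and the use of OSPF process 1 to propagate the route are all assumptions.

```cisco
! Constructed addresses for illustration only:
!   10.1.1.10     web server's private (inside local) address
!   203.0.113.10  web server's public (inside global) address
!
! Static translation of the kind described in the thread, on the NAT router.
! Outside users keep reaching the server through this entry.
ip nat inside source static 10.1.1.10 203.0.113.10
!
! On the web server itself, 203.0.113.10/32 is bound as a second IP address
! (done in the server's operating system, not shown here).
!
! On the router closest to the web server: a /32 host route for the public
! address, pointing at the server's private address as next hop.
ip route 203.0.113.10 255.255.255.255 10.1.1.10
!
! Propagate the host route to the rest of the internal network.
! OSPF process 1 is an assumption; use whichever IGP the network runs.
router ospf 1
 redistribute static subnets
!
! Check from the router that the host route is installed:
!   show ip route 203.0.113.10
```

With this in place, internal hosts that resolve the name to 203.0.113.10 are routed straight to the server without passing through the translation, so any filtering or logging applied at the NAT boundary does not see that traffic.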
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:50 GMT-3