From: Mathew (mathewfer@gmail.com)
Date: Wed Jun 25 2008 - 09:46:49 ART
Hi All,

I have a NAT-related issue which I have been struggling with for a couple
of days and thought of sharing this issue with you all.

In essence, the client's Web server, which is in the DMZ zone, can be
accessed from the Internet via its public URL. Users in the LAN also need
to access the website using the same public URL.

The Web server also provides access to the Intranet web page via its private
IP address. (Eg: http://10.0.0.2)

Access from outside is fine, eg http://68.106.30.181
Access to Intranet from inside is fine: http://10.0.0.2
Access to Web server from inside via public URL does not work:
http://68.106.30.181

I have tried with a Sonicwall Firewall instead of the Cisco 1841 and
was able to get this working by doing what is called a LOOPBACK NAT on
the firewall based on the logic below:

Original SA: 192.168.70.0/24 (LAN Subnet)
Translated SA: 68.106.30.181
Original DA: 68.106.30.181
Translated DA: 10.0.0.2
Original Source: http
Translated Source: http

I cannot figure out how to do a similar type of NAT on the Cisco IOS.
(Please note I have modified the Public IP addresses for security
reasons)

!
interface Loopback0
 ip address 55.103.30.177 255.255.255.248
!
interface FastEthernet0/0
 description - To Internet
 ip address 55.103.29.206 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0/0
 switchport access vlan 70
!
interface FastEthernet0/0/2
 switchport access vlan 10
!
interface FastEthernet0/0/3
 switchport access vlan 20
!
interface Vlan10
 description - To DMZ
 ip address 10.0.0.252 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1412
!
interface Vlan70
 description - To Internal LAN
 ip address 192.168.70.252 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1412
!
ip route 0.0.0.0 0.0.0.0 55.103.29.205
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static 10.0.0.2 55.103.30.181
!

--
Thanks
Mathew
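
The loopback NAT rule quoted in the post, modelled as a packet walk in both directions. This is an added example, not part of the original message and not SonicWall or Cisco code. The session table, the port pool starting at 40000 and the client 192.168.70.10 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Values taken from the SonicWall rule in the post
LAN = ipaddress.ip_network("192.168.70.0/24")   # Original SA
PUBLIC = "68.106.30.181"                         # Translated SA / Original DA
SERVER = "10.0.0.2"                              # Translated DA
HTTP = 80                                        # service left unchanged

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class LoopbackNat:
    def __init__(self, first_port=40000):
        self.next_port = first_port   # assumed translated-port pool start
        self.sessions = {}            # translated port -> (client ip, client port)

    def outbound(self, p):
        """LAN client -> public address: rewrite source AND destination."""
        match = (ipaddress.ip_address(p.src) in LAN
                 and p.dst == PUBLIC and p.dport == HTTP)
        if not match:
            return p                  # rule does not apply, packet unchanged
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (p.src, p.sport)
        return Packet(PUBLIC, port, SERVER, HTTP)

    def inbound(self, p):
        """Server reply: undo both rewrites using the session table."""
        if (p.src, p.sport, p.dst) != (SERVER, HTTP, PUBLIC):
            return None               # not a reply to a loopback session
        if p.dport not in self.sessions:
            return None               # no state for this port: drop
        client, cport = self.sessions[p.dport]
        return Packet(PUBLIC, HTTP, client, cport)

def demo():
    nat = LoopbackNat()
    req = Packet("192.168.70.10", 51000, PUBLIC, HTTP)   # constructed LAN client
    fwd = nat.outbound(req)                              # what the server receives
    rep = nat.inbound(Packet(SERVER, HTTP, fwd.src, fwd.sport))
    return fwd, rep                                      # rep is what the client receives
```

The client only ever sees 68.106.30.181 as its peer, and the server only ever sees 68.106.30.181 as the requester, so the web server's access logs will not show the real LAN source address for these sessions.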