Re: Hairpin NAT on a Cisco IOS Router? from Tolulope Ogunsina on 2010-02-28 (Ccielab archives /201002)

From: Tolulope Ogunsina <togunsina_at_gmail.com>
Date: Sun, 28 Feb 2010 17:33:46 +0100

Hi,
I read something on this blog sometime ago which might be of help.
http://ccie-in-3-months.blogspot.com/2008/12/nat-hairpinning-using-nat-pools-pbr.html

HTH,

On 2/28/10, Gregory Gombas <ggombas_at_gmail.com> wrote:
> Here's a brain teaser for you current and aspiring CCIE's.
>
> I have a client which currently has a linksys router which they would
> like to replace with a Cisco SR520W.
>
> They have a simple network with clients and servers on the same inside
> network that get's NAT'd to a single public IP address on the outside
> connection to the internet.
>
> They have a database server on the inside network that is accessible
> from both the internet and inside users.
> The client software has the public IP of the database hard-coded into
> the application.
>
> Clients on the internet can access the database, but clients
> internally can not. I am positive it is because the NAT fails when a
> client on the inside tries to connect to the public IP of the server.
>
> I found this Cisco document that explains the situation perfectly. In
> fact, it seems the PIX/ASA supports hairpinning using the alias
> command:
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml
>
> Question:
> Is there a command on an IOS router that is similar to the PIX alias
> command that would translate the destination address of the database
> from the public IP to the internal IP?
> If not, can this be done with some sort of NAT on a stick or policy
> based routing?
>
> Please note: DNS doctoring, split DNS, or any manipulation of the DNS
> entry would have no effect here because the public IP of the database
> server is hard-coded into the client application.
>
> Thanks very much,
> Gregory Gombas
> CCIE# 19649
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Best Regards,
Tolulope.
Blogs and organic groups at http://www.ccie.net

Received on Sun Feb 28 2010 - 17:33:46 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:36 ART