access from internal network to own web site through router

elnurh
Level 1

Hi all. We have a router which connects to the internet. Behind the router (our internal network) we have two servers, one of which is accessible from the internet and runs a web server, http://www.server.com.

How can our internal users access this web server via the one external web name, like http://www.server.com? Put another way, external and internal users should access this web server by the one name http://www.server.com. From inside we can ping its external IP address but can't get web access to it.

This is the config:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RVG
!
resource policy
!
ip cef
!
no ip domain lookup
!
username xxx privilege 15 secret xxx
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key xxx address y.y.y.y
!
crypto ipsec transform-set tb_TRANSFORMSET esp-3des esp-md5-hmac
!
crypto map tb_CRYPTO 1 ipsec-isakmp
 set peer x.x.x.y
 set transform-set tb_TRANSFORMSET
 set pfs group2
 match address 101
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$
 ip address x.x.y.z 255.255.255.248
 ip access-group to_outside out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map tb_CRYPTO
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 172.16.9.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip nat inside source list 150 interface FastEthernet4 overload
ip nat inside source static tcp 172.16.9.101 22 x.x.z.z 22 extendable
ip nat inside source static tcp 172.16.9.101 53 x.x.z.z 53 extendable
ip nat inside source static udp 172.16.9.101 53 x.x.z.z 53 extendable
ip nat inside source static tcp 172.16.9.101 80 x.x.z.z 80 extendable
ip nat inside source static tcp 172.16.9.101 443 x.x.z.z 443 extendable
ip nat inside source static tcp 172.16.9.102 21 x.x.y.y 21 extendable
ip nat inside source static tcp 172.16.9.102 22 x.x.y.y 22 extendable
ip nat inside source static tcp 172.16.9.102 53 x.x.y.y 53 extendable
ip nat inside source static udp 172.16.9.102 53 x.x.y.y 53 extendable
ip nat inside source static tcp 172.16.9.102 80 x.x.y.y 80 extendable
ip nat inside source static tcp 172.16.9.102 443 x.x.y.y 443 extendable
!
ip access-list extended to_inside
 permit tcp any host x.x.z.z eq 22
 permit tcp any host x.x.z.z eq www
 permit tcp any host x.x.z.z eq 443
 permit udp any host x.x.z.z eq domain
 permit udp any host x.x.y.y eq domain
 permit tcp any host x.x.y.y eq 22
 permit tcp any host x.x.y.y eq www
 permit tcp any host x.x.y.y eq 443
 permit udp host x.x.x.y host x.x.y.z eq non500-isakmp
 permit udp host x.x.x.y host x.x.y.z eq isakmp
 permit esp host x.x.x.y host x.x.y.z
 permit udp any host x.x.y.z eq domain
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 deny ip any any log
ip access-list extended to_outside
 deny ip host 255.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 permit ip any any
!
access-list 101 permit ip 172.16.9.0 0.0.0.255 host 10.0.154.27
access-list 101 permit ip 172.16.9.0 0.0.0.255 host 10.0.154.28
access-list 150 deny ip 172.16.9.0 0.0.0.255 host 10.0.154.27
access-list 150 deny ip 172.16.9.0 0.0.0.255 host 10.0.154.28
access-list 150 permit ip 172.16.9.0 0.0.0.255 any

thanks before
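
Added example, not part of the original post: in the posted configuration the inbound filter `to_inside` is defined, but the only `ip access-group` statement attaches `to_outside`, so the static NAT entries are what decide which ports are published. The sketch below checks both points on a constructed excerpt of that config; the function name `audit` is hypothetical and the parser handles only the line shapes that appear in the excerpt.

```python
# Constructed excerpt of the posted config (server 172.16.9.102 only); the
# masked address x.x.y.y is kept as an opaque token.
CONFIG = """\
interface FastEthernet4
 ip access-group to_outside out
ip nat inside source static tcp 172.16.9.102 21 x.x.y.y 21 extendable
ip nat inside source static tcp 172.16.9.102 22 x.x.y.y 22 extendable
ip nat inside source static tcp 172.16.9.102 53 x.x.y.y 53 extendable
ip nat inside source static udp 172.16.9.102 53 x.x.y.y 53 extendable
ip nat inside source static tcp 172.16.9.102 80 x.x.y.y 80 extendable
ip nat inside source static tcp 172.16.9.102 443 x.x.y.y 443 extendable
ip access-list extended to_inside
 permit udp any host x.x.y.y eq domain
 permit tcp any host x.x.y.y eq 22
 permit tcp any host x.x.y.y eq www
 permit tcp any host x.x.y.y eq 443
 deny ip any any log
ip access-list extended to_outside
 permit ip any any
"""

PORT_NAMES = {"www": 80, "domain": 53}  # IOS keywords used in the post


def audit(cfg):
    """Return (unbound ACL names, published ports, per-ACL coverage gaps)."""
    acls, bound, published, current = {}, set(), [], None
    for line in cfg.splitlines():
        w = line.split()
        if w[:3] == ["ip", "access-list", "extended"]:
            current = acls.setdefault(w[3], set())
        elif w[:2] == ["ip", "access-group"]:
            bound.add(w[2])  # ACL actually attached to an interface
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            published.append((w[5], w[8], int(w[9])))  # proto, global IP, port
        elif w[:1] == ["permit"] and "eq" in w and current is not None:
            # shape: permit <proto> any host <ip> eq <port>
            current.add((w[1], w[4], PORT_NAMES.get(w[-1]) or int(w[-1])))
    unbound = sorted(set(acls) - bound)
    # Published ports an unbound ACL would stop permitting once applied.
    gaps = {a: sorted(p for p in published if p not in acls[a]) for a in unbound}
    return unbound, published, gaps


if __name__ == "__main__":
    unbound, published, gaps = audit(CONFIG)
    print("ACLs defined but never applied:", unbound)
    print("Ports published by static NAT:", len(published))
    print("Published but not permitted:", gaps)
```

On the excerpt this reports `to_inside` as never applied, and tcp/21 and tcp/53 on x.x.y.y as published by NAT but missing from that ACL.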

2 Replies

saugatobanerjee
Level 1

Hi,

I have got your question but I would still need some clarifications.

1. Your internal users also want to access the webserver using a name that resolves from the internal LAN on which the webserver is... right?

2. Can you please tell if users from external are able to access the webserver?

3. What is the IP of the server?

4. What are these IPs: 10.0.154.27 & 10.0.154.28?

5. One more thing: if the server also lies in the same range as your internal LAN segment, that is 172.16.9.0/24, then you have to see to it that you don't overload the server IP while using dynamic NAT (overloading).

Please reply, so that I can answer your doubts.

Regards

1|2) Users from external can access the web server, no problem.

But users from internal can't access the web server over the HTTP protocol, even if they write the external IP address in the address bar.

Can't access with ssh or telnet; only ping works.

4) These are hosts which internal users can access with a VPN connection from the router itself.
