accessing problem to the servers on public ip from internal

Unanswered Question
Feb 3rd, 2008

We have so many public IPs which we NATted to our local servers. From the internet we are able to access those public IPs. From the internal network we can access those servers with the local IPs, but we are not able to access those servers with the NATted public IPs, and we want to access those servers with the NATted public IPs also for our project. Need help on this.

Goutam Sanyal Sun, 02/03/2008 - 23:55

Can you post the NAT configuration?

parba.basu Mon, 02/04/2008 - 01:07

Hello Goutam,

The NAT configuration is given below:

ip nat inside source static 10.1.x.249

ip nat inside source static 10.1.x.154

ip nat inside source static 10.1.x.251

Now these servers are accessible from the internet through the public IP, and from internal through the private IP. But I want to access these servers from internal through the public IP. Could I achieve this?

Goutam Sanyal Mon, 02/04/2008 - 01:58

Dear Parba,

If you have a Cisco PIX/firewall, you can go for DNS doctoring.

static (dmz,outside) PUBLIC_IP PRIVATE_IP netmask

static (dmz,inside) PUBLIC_IP PRIVATE_IP netmask

If you do not have a Cisco PIX/firewall, then you are opening a deep security hole.



parba.basu Mon, 02/04/2008 - 02:32

Hello Goutam,

In the command static (dmz,inside) PUBLIC_IP PRIVATE_IP netmask, which IP should I give as PUBLIC_IP: the DMZ server or the public server IP? After doing this, should I access this server from the internal network with the global public IP?



Goutam Sanyal Mon, 02/04/2008 - 03:16

Actually, the public IP is the live IP from which users can access your server from the internet, and the private IP is equivalent to the DMZ or the IP that can be accessed from your inside network.

But to be very frank, these two commands are perfect for a Cisco PIX firewall, but this process, DNS doctoring, is enabled by default in Cisco routers. You had better search for some documents on DNS doctoring in Cisco routers before configuring that. But it can be done in this way, that's true.

Goutam Sanyal Mon, 02/04/2008 - 04:10

According to Cisco:

DNS doctoring allows the security appliance to rewrite DNS A-records.

DNS rewrite performs two functions:

Translates a public address (the routable or mapped address) in a DNS reply to a private address (the real address) when the DNS client is on a private interface.

Translates a private address to a public address when the DNS client is on the public interface.

For more details, please visit:

Please rate if it works.


