Destination NAT - IOS router - traffic inside

Unanswered Question
Dec 30th, 2008

I'm having an issue using a destination NAT. I'm not sure if this is the best way to do it.

I have a static NAT in place mapping a public IP 10.10.10.1 to internal IP 192.1.1.1. All is working well.

However, I need the public IP 10.10.10.1 to be accessible to all clients on the internal network. (DB programmers hard-coded IPs into their program.)

Currently I can't ping the public address of the static NAT internally.

What type of NAT / ACL do I need to put in place to get this to work?

Any documentation or advice would be helpful.

John Blakley Wed, 12/31/2008 - 11:32

You may be able to use policy based routing. Create an access-list permitting all of your internal subnet to the one internal host, but do it by public IP.

ip access-list ext TRANSLATE
 permit ip 192.168.1.0 0.0.0.255 host

Then create your route map that forces all of those hosts going to that destination to the internal address instead.

(From memory)

route-map INTERNAL permit 5
 match ip address TRANSLATE
 set ip next-hop 192.168.1.1 <-- your internal server IP.

Again, I don't know if this will work, but it might.

HTH,

John
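
A simplified model of the packet rewrites discussed in this thread, added here as an example and not part of either post: it shows which IP header fields each approach changes when an inside client pings 10.10.10.1. The client and router addresses, the function names and the same-subnet layout are assumptions; the model covers only the rewrite rules stated in its comments, not full IOS behaviour.

```python
# Constructed model, not router code. Only 10.10.10.1 and 192.1.1.1 come
# from the question; every other address and name here is an assumption.
from dataclasses import dataclass, replace

PUBLIC, SERVER = "10.10.10.1", "192.1.1.1"       # from the question
CLIENT, ROUTER_IN = "192.1.1.50", "192.1.1.254"  # assumed, same subnet as server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def classic_nat(pkt, in_if):
    # Inside/outside static NAT: the destination is rewritten only for
    # packets that arrive on the outside interface.
    return replace(pkt, dst=SERVER) if in_if == "outside" and pkt.dst == PUBLIC else pkt

def pbr_only(pkt, in_if):
    # Policy routing selects the next hop; it does not change the IP header.
    return pkt

def dst_only_nat(pkt, in_if):
    # Destination rewritten on any interface, source left as the client.
    return replace(pkt, dst=SERVER) if pkt.dst == PUBLIC else pkt

def hairpin_nat(pkt, in_if):
    # Destination and source both rewritten, so the reply returns via the router.
    return Packet(src=ROUTER_IN, dst=SERVER) if pkt.dst == PUBLIC else pkt

def ping_public_from_inside(router):
    """Return (ok, reason) for an inside client pinging the public address."""
    request = Packet(src=CLIENT, dst=PUBLIC)
    delivered = router(request, "inside")
    if delivered.dst != SERVER:
        return False, "destination " + delivered.dst + " was not translated to the server"
    reply = Packet(src=SERVER, dst=delivered.src)
    if reply.dst == ROUTER_IN:
        # The router reverses both translations before forwarding the reply.
        reply = Packet(src=PUBLIC, dst=CLIENT)
    if reply.src != request.dst:
        return False, "reply arrives from " + reply.src + ", not " + request.dst
    return True, "reply matches the request"

if __name__ == "__main__":
    for router in (classic_nat, pbr_only, dst_only_nat, hairpin_nat):
        print(router.__name__, ping_public_from_inside(router))
```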
