Destination NAT - IOS router - traffic inside

Unanswered Question
Dec 30th, 2008
User Badges:

I'm having an issue using a destination nat. I'm not sure if this is the best way to do it.


I have a static nat in place mapping a public ip 10.10.10.1 to internal ip 192.1.1.1. All is working well.


Howerver I need the public ip 10.10.10.1 to be accessible to all clients on the internal network. (DB programers hard corded IPs into there program).


Currently I can't ping the public address of the static nat internally.


What type of nat / acl do i need to put in place to get this to work?


Any documentation or advice would be helpful.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Wed, 12/31/2008 - 11:32
User Badges:
  • Purple, 4500 points or more

You may be able to use policy based routing. Create an access-list permitting all of your internal subnet to the one internal host, but do it by public IP.


ip access-list ext TRANSLATE

permit ip 192.168.1.0 0.0.0.255 host


Then create your route map that forces all of those hosts going to that destination to the internal address instead.



(From memory )


route-map INTERNAL permit 5

match ip address TRANSLATE

set ip next-hop 192.168.1.1 <--your internal server ip.



Again, I don't know if this will work, but it might.


HTH,


John

Actions

This Discussion