Using external IP address from inside a router

Aug 10th, 2010

Here is the situation:

We have a site with a small router (881), with a port forward set up for an application on a server which resides on the inside of the network. When they are outside of the network they access it using the external IP address and the port forward works correctly. If they bring the laptop onsite and try to use it the program fails because it appears that the port forwarding no longer works.

I know this is because it is not hitting the PAT translations correctly. I have not been able to find any solution to make this work with a Cisco router when a program is using a static external IP address.

The issue is that this solution has worked for years using a SOHO router (Linksys/DLink).

The only path I have found is using DNS doctoring, but I would rather not have to do this. I'm just having a hard time believing that a cheap home router can do this, but we can't make a Cisco router provide the same functionality.

Hoping someone can help me with this....

khearn8 Wed, 08/11/2010 - 11:12

It doesn't sound like they are passing through the router when they are inside your network. It sounds like they are on the same subnet as the server.

If they are inside your network they will need to use the local IP address of the server to connect to it, not the external IP address.

jean.moncada Wed, 08/11/2010 - 13:51

The proper way is to create the DNS IN A record in your internal DNS server to point to the private IP address of the server.

Nagaraja Thanthry Tue, 08/10/2010 - 19:14

Hello,

Please try creating NAT using NAT Virtual Interface. NAT virtual interfaces apply the NAT rules irrespective of the source of the packet.

Interface
 no ip nat inside
 ip nat enable
 exit

Interface
 no ip nat inside
 ip nat enable
 exit

Now, remove all NAT rules and re-enter them.

Hope this helps.

Regards,

NT

Note: For some reason, the email I sent from my email client got corrupted and only a part of the configuration showed up here.

Message was edited by: Nagaraja Thanthry

mhurley131 Wed, 08/11/2010 - 17:16

Nagaraja, this seems like the right path. I changed the NAT over to NVI, but it still doesn't appear to be working from the inside. My config now has:

int f0/0  (outside)
     ip nat enable

int vlan 1 (inside)
     192.168.1.1/24
     ip nat enable

ip nat source list NATLIST interface FastEthernet0/0 overload
ip nat source static tcp 192.168.1.100 81 interface FastEthernet0/0 81

ip access-list extended NATLIST
permit ip 192.168.1.0 0.0.0.255 any

Am I missing something?

jean.moncada Wed, 08/11/2010 - 21:32

I don't see how this would work unless you create the DNS entry in the internal DNS server. According to your config the server and your internal LAN are using the same external interface (thus same external IP) for the NAT. Traffic from your internal network will not flow out the router and then back in to the server when sharing the same external IP.

Nagaraja Thanthry Wed, 08/11/2010 - 21:41

Hello,

Do you have a static IP on the outside interface? If yes, can you try:

no ip nat source static tcp 192.168.1.100 81 interface FastEthernet0/0 81

ip nat source static tcp 192.168.1.100 81 81

Regards,

NT

jean.moncada Wed, 08/11/2010 - 21:49

Btw, use debug ip packet or debug ip nat. This output would help you troubleshoot.
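
The packet paths argued over in this thread, as an added example that is not from any poster: a simplified Python model (not IOS internals) of one request from an on-site laptop and the server's reply, showing which combinations of address rewriting let the connection complete. The public address 203.0.113.10 and the laptop address 192.168.1.50 are constructed placeholders, and the scenario names are assumptions about how each suggestion maps onto the model.

```python
PUBLIC = "203.0.113.10"   # constructed placeholder for the router's outside IP
SERVER = "192.168.1.100"  # inside server from the thread
LAPTOP = "192.168.1.50"   # constructed on-site client in 192.168.1.0/24
PORT = 81                 # forwarded TCP port from the thread


def connect(target, translate_dst, translate_src):
    """Follow one request and its reply; return (ok, reason).

    translate_dst: router rewrites PUBLIC:81 to SERVER:81 for inside traffic.
    translate_src: router also rewrites the client's source to PUBLIC.
    """
    src, dst = LAPTOP, target
    if dst == PUBLIC:                      # packet is handed to the router
        if not translate_dst:
            return False, "router did not apply the port forward"
        dst = SERVER
        if translate_src:
            src = PUBLIC
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == PUBLIC:                # reply returns through the router,
        reply_src, reply_dst = PUBLIC, LAPTOP   # which reverses both rewrites
    # Otherwise server and laptop share the subnet: the reply skips the router.
    # The laptop only accepts a reply from the address it connected to.
    if reply_src != target:
        return False, f"reply came from {reply_src}, expected {target}"
    return True, "connection established"


# Hypothetical scenario labels: (address the laptop dials, dst NAT, src NAT)
SCENARIOS = {
    "external IP, no inside translation": (PUBLIC, False, False),
    "destination rewrite only":           (PUBLIC, True, False),
    "destination and source rewrite":     (PUBLIC, True, True),
    "internal DNS to private address":    (SERVER, False, False),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(f"{name:36} -> {connect(*args)}")
```

In this model the external address only works from inside when the router rewrites both the destination and the source, so that the server's reply is forced back through the router; the internal DNS record avoids the router entirely.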
