I'm the sysadmin for a medium-sized international enterprise and we have just rolled out a new network which, amongst other components, uses a Cisco 2821 router at our head office and various Cisco 878s at our branch offices connecting via MPLS to the head office server.
At the head office site, we have various servers that are accessed via the external IP of the head office connection and then port-forwarded to the various servers.
The head office network range is 192.168.254.0/24 and an example of a branch office network is 192.168.1.1/24.
The Cisco 2821 has 2 Gigabit ports and 8 FastEthernet ports (all FE ports are part of VLAN 1).
We have the internet connected to GE 0/0, the MPLS connected to GE 0/1 and the local network (192.168.254.0/24) connected to VLAN 1.
I have defined GE 0/0 as 'ip nat outside' and GE 0/1 and VLAN 1 as 'ip nat inside'.
I have then enabled PAT for certain IPs/ports. For example, assuming our external IP is 22.214.171.124, and our internal SMTP server is on 192.168.254.10, I have added NAT/PAT rules such as 'ip nat inside source static tcp 192.168.254.10 25 126.96.36.199 25 extendable'.
This, as expected, allows me to access the SMTP server from anywhere on the internet via the external IP of the Cisco 2821.
Unfortunately, what does not work is accessing the external IP/port from the internal network. This means that a request from either the head office network (192.168.254.0/24), or from any branch office (for example, 192.168.1.0/24) to the external IP/port does not work.
Can this be rectified by using 'ip nat enable' in addition to 'ip nat outside'? Or are the two solutions incompatible?
The use of 'ip nat enable' seems not to be as fully documented as the rest of the NAT commands, so I'm fairly confused as to how compatible it is with other NAT commands.