Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

NAT re-direction: ip nat outside source ?

We need to allow users on our LAN to access various internal servers via their FQDN (example, when accessing mail via mail.ourdomian.com) when they are in teh building.

I understand the technique is called NAT redirection.

Is this setup by a series of 'IP NAT outside source' statements?

Example: Will 'ip nat outside source static tcp [public ip] 25 192.168.1.5 25'

send the traffic to the LAN IP?

Is more needed to complete the setup?

Thank you for any input.

3 REPLIES
New Member

Re: NAT re-direction: ip nat outside source ?

For your scenario you need to configure these steps:

1) An accesslist permitting the traffic from outside to inside, only if they are for specified internal servers.

2) Mapping for outside hosts.

3) Mapping for the internal servers.

Refer to the following documents for implementing the above:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

New Member

Re: NAT re-direction: ip nat outside source ?

This is one of the "think simple" examples... we had the same scenario but didn't jump through NAT hoops to make it work. If you maintain your own internal DNS then simply add the external FQDN pointing to the internal LAN IP addresses to your internal DNS. When users are outside with their machines they will still use the ISP's external DNS and will be pointed to your external IP addresses. When users are on the LAN they will first check with the internal DNS but still receive a valid IP address, now an internal one.

New Member

Re: NAT re-direction: ip nat outside source ?

Unfortunately, this is not my LAN to fully manage. Have already made internal DNS suggestion to LAN admin, but he didn't bite.

Up to me to jump through the hoops!

169
Views
0
Helpful
3
Replies
CreatePlease to create content