I've got an 1841 router and am using NAT to expose certain IPs and ports to the outside world so that external users can see internal resources (namely, web sites). However, I can't seem to get it running such that I can visit the external IP address from inside the network and get the router to turn the request around so that it is redirected back inside the network. Shouldn't this be possible? Our previous router (a non-Cisco) was able to do this, but I can't seem to get the new one to do it.
A couple of key config lines:
interface FastEthernet0/0
ip address a.b.c.178 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map aesmap
!
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.3.1 255.255.254.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 a.b.c.177
ip route 10.50.0.0 255.255.0.0 192.168.2.67
ip route 192.168.2.0 255.255.254.0 FastEthernet0/1
ip route 192.168.6.0 255.255.255.128 FastEthernet0/0
ip route 192.168.10.0 255.255.255.128 FastEthernet0/0
ip route 192.168.24.0 255.255.248.0 192.168.2.120
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.7 80 a.b.c.178 80 extendable
!
access-list 100 deny ip 192.168.2.0 0.0.1.255 192.168.10.0 0.0.0.127
access-list 100 deny ip 192.168.2.0 0.0.1.255 192.168.6.0 0.0.0.127
access-list 100 permit ip 192.168.2.0 0.0.1.255 any
no cdp run
!
In short, I want to be able to visit a.b.c.178 from inside the network and see the web site running on 192.168.2.7. We do have two VPNs running to other sites (192.168.10.0/25 and 192.168.6.0/25) as well as two internal networks (192.168.24.0/21 and 10.50.0.0/16) that are used for testing.
Any thoughts? Thanks - Matt