I've got an 1841 router and am using NAT to expose certain IPs and ports to the outside world so that external users can see internal resources (namely, web sites). However, I can't seem to get it running such that I can visit the external IP address from inside the network and get the router to turn the request around so that it is redirected back inside the network. Shouldn't this be possible? Our previous router (a non-Cisco) was able to do this, but I can't seem to get the new one to do it.
A couple of key config lines:
ip address a.b.c.178 255.255.255.240
ip nat outside
no cdp enable
crypto map aesmap
ip address 192.168.3.1 255.255.254.0
ip nat inside
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 a.b.c.177
ip route 10.50.0.0 255.255.0.0 192.168.2.67
ip route 192.168.2.0 255.255.254.0 FastEthernet0/1
ip route 192.168.6.0 255.255.255.128 FastEthernet0/0
ip route 192.168.10.0 255.255.255.128 FastEthernet0/0
ip route 192.168.24.0 255.255.248.0 192.168.2.120
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
access-list 100 deny ip 192.168.2.0 0.0.1.255 192.168.10.0 0.0.0.127
access-list 100 deny ip 192.168.2.0 0.0.1.255 192.168.6.0 0.0.0.127
access-list 100 permit ip 192.168.2.0 0.0.1.255 any
no cdp run
In short, I want to be able to visit a.b.c.178 from inside the network and see the web site running on 192.168.2.7. We do have two VPNs running to other sites (192.168.10.0/25 and 192.168.6.0/25) as well as two internal networks (192.168.24.0/21 and 10.50.0.0/16) that are used for testing.
This is called hairpinning and it is not supported on your router. But you could use DNS doctoring, which is the default on these routers. To achieve this, you must access the resource by name, and this name-to-public-IP mapping must exist on an external DNS server. Then, when you access it from inside, the router will change the IP returned by the DNS server into the private IP and you won't need hairpinning anymore.