Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
1
Replies

Routing with 1841

mjames_wdd
Level 1
Level 1

‎11-17-2011 06:06 AM - edited ‎03-07-2019 03:27 AM

I've got an 1841 router and am using NAT to expose certain IPs and ports to the outside world so that external users can see internal resources (namely, web sites).  However, I can't seem to get it running such that I can visit the external IP address from inside the network and get the router to turn the request around so that it is redirected back inside the network.  Shouldn't this be possible?  Our previous router (a non-Cisco) was able to do this, but I can't seem to get the new one to do it.

A couple of key config lines:

interface FastEthernet0/0

ip address a.b.c.178 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map aesmap

!

interface FastEthernet0/1

description $ES_LAN$

ip address 192.168.3.1 255.255.254.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 a.b.c.177

ip route 10.50.0.0 255.255.0.0 192.168.2.67

ip route 192.168.2.0 255.255.254.0 FastEthernet0/1

ip route 192.168.6.0 255.255.255.128 FastEthernet0/0

ip route 192.168.10.0 255.255.255.128 FastEthernet0/0

ip route 192.168.24.0 255.255.248.0 192.168.2.120

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 100 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.2.7 80 a.b.c.178 80 extendable

!

access-list 100 deny   ip 192.168.2.0 0.0.1.255 192.168.10.0 0.0.0.127

access-list 100 deny   ip 192.168.2.0 0.0.1.255 192.168.6.0 0.0.0.127

access-list 100 permit ip 192.168.2.0 0.0.1.255 any

no cdp run

!

In short, I want to be able to visit a.b.c.178 from inside the network and see the web site running on 192.168.2.7.  We do have two VPNs running to other sites (192.168.10.0/25 and 192.168.6.0/25) as well as two internal networks (192.168.24.0/21 and 10.50.0.0/16) that are used for testing.

Any thoughts?  Thanks - Matt

Labels:
0 Helpful
1 Reply 1

cadet alain
VIP Alumni
VIP Alumni

‎11-17-2011 07:41 AM

Hi,

This is called hairpinning and it is not supported on your router. But you could use dns doctoring which is the default on these routers and to achieve this you must access the ressource by name and this name-public IP mapping must exist on an external DNS server. Then when you access from inside the router will change the IP returned by the DNS server into the private IP and you won't need no hairpinning anymore.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card