
Accessing local machines behind a NAT using public addresses

msmbarab
Level 1

Hello,

I have configured my Cisco 2610 XM with both static and dynamic NAT. The servers on the internal network can be accessed from outside using addresses and ports specified in static NAT entries. A problem comes up when I need to access an internal machine using its public IP address (outside local) from another internal machine. In this case the connection is not set up. If I try to connect to the same machine (same public IP address/port) from outside, the connection is established.

I need to access local machines using public addresses because those IPs are returned by my DNS server.

Do I have to configure an internal-network DNS server that resolves names to private IP addresses, or is there a way to configure NAT to allow packets to "go out and then come in again"?

Thanks in advance

4 Replies

thisisshanky
Level 11

Does the machine on the inside, with the public address, have a local private address?

If that's the case, you can remap the public IP resolved in the DNS reply to that private address, so that when the clients get the DNS reply, they will see only the private IP and not the public IP. Hence those clients would directly communicate with the machine (which you want to access using public IP).

This is how it works.

Clients on the 10.x.x.x network send a DNS request. The DNS request goes to a DNS server outside the NAT domain. Due to the ip nat inside command on the router, the source address does get translated.

Now on the DNS reply, the payload of the DNS reply has the public IP of the host you want to access. We need to translate it to a local 10.x.x.x address, so that your clients can access the host directly, without the router's intervention.

Use an ip nat outside source command, which will make the router change the payload of the DNS reply. So once you do this, the clients will see the DNS name of the host resolved into a private 10.x.x.x address, rather than the public IP.

Hope this helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thank you very much for your reply

Yes, the machine on the inside has got an internal address and I need to access it from the internal network but using its public IP address.

I have tried the ip nat outside source static but the command takes only an outside global and an outside local IP address as parameters. If I have understood what you meant, don't I need to translate an outside local address to an inside local one? How can I do that with this command?

Thank you once again

What you should be doing is simply adding a static outside-to-inside mapping as follows:

ip nat outside source static

where global ip is the public IP of the host, and local ip is the private IP of the host (the host is the PC which you want to access).

Mode of access to this host from clients should be using DNS and not public IP. Hope this helps!

This should work.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Hi,

I have tried to insert that line in the NAT configuration but it still doesn't work. With that line even connections from the outside don't work.

What should I try?

Thanks