
Internal web requests behind PAT enabled CPE

dan.porter
Level 1

A PC and a webserver are on the same LAN behind a CPE running PAT. All web requests from the WAN side are successfully translated and forwarded to the webserver. The PC is able to make port 80 requests to the webserver via private IP; however, when the same PC is making port 80 requests to the webserver using DNS (public IP address), the CPE doesn't seem to translate it. Can someone clue me into what configlets I'm missing that can resolve this dilemma? Relevant config as follows:

interface Ethernet0
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface ATM0.1 point-to-point
 description WAN
 ip address 161.15.15.2 255.255.255.252
 ip nat outside
 pvc 0/50
  encapsulation aal5snap
!
ip nat translation timeout 3600
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static tcp 192.168.0.2 110 161.15.15.2 110 extendable
ip nat inside source static tcp 192.168.0.2 25 161.15.15.2 25 extendable
ip nat inside source static tcp 192.168.0.2 80 161.15.15.2 80 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255

2 Replies

svermill
Level 4

Where is the DNS? Inside or outside?

svermill
Level 4

Since you said that the "CPE" wasn't translating, I'll assume the DNS is outside. I think that you probably need to translate the DNS response, which likely includes the public IP of 161.15.15.2 - which doesn't exist on the LAN. I believe NAT can reach into the payload and translate the DNS response to the local address. Check out the very last question in this NAT Q&A and see if it sounds like your issue:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/prodlit/iosnt_qp.htm