Access lan resources using wan ip address from lan

meofcourse
Level 1

Hi,

Our router (Integrated Services 2811) PATs to a single subnet. We have a web server located on the subnet.

When using public DNS from a computer on the LAN (other than the web server) we obviously get the public IP address for our website. This results in the request being sent to the WAN port of the router. Even though the router is configured to forward port 80 on the WAN port to the web server, it does not forward the request if the request originally came from the LAN.

Quite simply, the question is: How do you forward LAN requests made to the public IP address (WAN) on the router back into the LAN?

From what I have found online, this is nearly impossible to do. If it is, why? A cheap Linksys router does it quite easily.

17 Replies

Going home now so won't be back till Tuesday (long weekend). Will continue the discussion then.

Here's the issue (I think)

I don't know about Microsoft's VPN server (Remote Access Server?), but you should find a way to tell it to NOT NAT traffic destined for the 10.10.130.0 subnet, but you can NAT everything else.

What I think is happening on the network on your side is that the return traffic is being natted, which is why your clients on the dial-up side can't see the DNS server on its private interface.

The two endpoints of the VPN (both public interfaces) are transparent after a VPN tunnel is established. The private networks on both ends should be like they're in your same office. When a person from the 10.10.130.0 network makes a request to the 10.10.10.0 network, it shouldn't be natted at all, and you should find a way to exclude those. Can you ping a host across the tunnel? If not, you are trying to NAT the connection.

Here's a starting point:

http://technet.microsoft.com/en-us/library/cc780391.aspx

Hopefully this helps.

John

HTH, John *** Please rate all useful posts ***

Hi again.

We can currently ping from any host on the main network (the one with the web server) to any VPN-connected client (such as a server in a remote site). We can only ping from the client connected to the VPN in the remote office to any client in the main office as expected.

I suppose that if we would enable Routing and Remote Access on the servers, then we would be combining all our networks into one routed network. We could then set the DNS to the internal IP address of the web server. The problem I see with that is that the entire network will be browsable by any client. I am not aware of any way to turn off network discovery over a VPN hosted by a Microsoft OS. Also, should one of our offices be infected with a virus, this could increase how widespread an impact it has.

Thoughts?
