Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

accessing problem to the servers on public ip from internal

we have somany public ip which we natted to our local server ips.now from internet we are able to access those public ip.from internal network we can access those servers with local ips but not able to access those servers with those natted public ip and we want to access those servers with natted public ip also for our project.need help on this.

8 REPLIES

Re: accessing problem to the servers on public ip from internal

Can you post the NAT configuration.

New Member

Re: accessing problem to the servers on public ip from internal

hello goutam,

the nat configuration is given below,

ip nat inside source static 10.1.x.249 61.xx.xxx.87

ip nat inside source static 10.1.x.154 6x.xx.xxx.71

ip nat inside source static 10.1.x.251 61.xx.xxx.75

now this servers are accessable from internet through the public ip, and from internal through private ip. but i want to access this servers from internal through public ip.how could i achieve this.

Re: accessing problem to the servers on public ip from internal

Dear Parba,

IF you have a CISCO PIX/FireWall, so you can go for DNS-Doctoring.

i.e.

static (dmz,outside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255

static (dmz,inside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255

If, you do not have a Cisco PIX/ FireWall then you are opening a Deep Security Hole.

Thanks

Goutam

New Member

Re: accessing problem to the servers on public ip from internal

hello goutam,

static (dmz,inside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255 in this cmd which ip should i give as PUBLIC_IP whether the DMZ Server or Public Server IP? After doing this should i access this server from internal network with the Global Public ip?

Thanks,

Parba

Re: accessing problem to the servers on public ip from internal

Actually Public IP is the Live IP from which user can access ur server from internet and Private Ip is equivalent to DMZ or the ip that can be accessed from your inside network.

But to be very frank this two commands are perfect for Cisco PIX firewall, but this process, DNS DOCTORING , enabled by default in cisco routers. You better search some documents on DNS Doctoring in Cisco routers before configuring that.But it can be done in this way that's true.

New Member

Re: accessing problem to the servers on public ip from internal

Hi,

what is dns doctoring.

regards

skrao

Re: accessing problem to the servers on public ip from internal

Re: accessing problem to the servers on public ip from internal

According to CISCO:-

DNS doctoring allows the security appliance to rewrite DNS A-records.

DNS rewrite performs two functions:

Translates a public address (the routable or mapped address) in a DNS reply to a private address (the real address) when the DNS client is on a private interface.

Translates a private address to a public address when the DNS client is on the public interface.

More details pls visit: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

Pls rate if it works.

Goutam

352
Views
0
Helpful
8
Replies