I have setup nat on three sub interfaces but when trying to browse to local servers, such as our web server, that have been translate, we get a prompt to logon to the router. I suspect these internal addresses should not be natted for local users.
yes really. I've heard on NAT on a stick configuration to bypass this limitation but I've never tried it and sometimes it can be more trouble than good.
So use the private address when inside your LAN or use FQDN.
For the latter, as DNS rewrite should be configured by default on Cisco routers you can leverage this feature by having an A record on an external DNS server and so when accessing the server from inside the DNS reply from the outside DNSserver should be rewritten to givez you the private address of the server.
You could also use an internal DNS server with records for the internal server with the private address.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...