I'm trying to get (what I'm guessing is) inside NAT to NAT working. The users need to be able to RDP to a term serv by using the external WAN IP address only. So whether they are internal or external, they would use the WAN IP to access the terminal server (never using the local IP).
This would be pretty simple with an internal DNS Server, but we are using ISP provided DNS through our router. Google has lead me to believe that the command "ip nat inside source static 10.0.0.5 18.104.22.168" should work, but it doesn't. In fact, when I add it in there, I lose a lot of routing capability. The following are the NAT rules I have setup so far
ip nat inside source route-map nonat interface FastEthernet4 overload
After doing some googling for the last couple of days, I have tried and failed every method I've found. I attempted to setup a NAT Virtual Interface as mentioned on this post http://community.plus.net/forum/index.php?action=printpage;topic=75490.0, but once I removed the "ip nat inside source route-map nonat interface FastEthernet4 overload", I lost all new connections (seemingly because I had just disabled NAT somehow).
Any help would be greatly appreciated.
EDIT: Uploaded my current running config. If I ended up censoring something relavent, let me know.
this is called hairpinning( accessing an inside server which is natted by its natted adress from inside) and it is not available on Cisco routers but normally dns rewrite is available by default on Cisco routers and so if the external IP has a dns record on an external server then you should be able to access the serve by name from inside or outside.
I believe we have an 800 series router and I had run across some posts referring to Hairpinning and it being a feature ASA(I think). However, a number of other posts seem to think it was possible on the routers (such as the link I mentioned in my original post). If that's not the case, then I'll let me client know and we'll move-on.
Also, unfortunately there is no domain for this client. Everything is solely IP based.
For those interested, I was able to resolve this problem using an 881 without any internal DNS solutions. I employed Cisco's NVI (Nat Virtual Interface) but had to add a "no ip redirect" to each interface with an IP address assigned to it.
Removed "ip nat outside/inside" from both interfaces and added "ip nat enable" and "no ip redirect". Added "ip nat source list INSIDE interface FastEthernet4 overload" and removed "ip nat inside source route-map nonat interface FastEthernet4 overload". I then copied the access-lists from "nonat" and added them into a new access-list called INSIDE.
Hopefully anyone else who has this problem may stumble upon this post and be able to resolve it with less google-fu than I needed.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.