Please help me on this.
We have a Cisco router in our network. We have configured many port forwardings in the router and all are working fine. One of my applications is forwarded to port 8080 from outside to inside. We can access that application from an external network using the public IP, and we can also access it from the inside network using the private IP. My requirement is that I need to access the same application from the inside network using the public IP. How can I do that?
I believe it is to do with the way Domain NAT works regarding inside and outside NAT order.
Accessing the application via the internal subnet is fine, as no NAT is occurring; however, when you need to access the same application via its external NATted address from within the internal LAN itself, the way NAT is performed could be the problem.
My understanding of this may be incorrect, so I hope someone on these forums will be able to validate these next steps:
Inside NAT - routing performed before NAT
Outside NAT - NAT performed before routing
1) A packet is initiated from an inside LAN towards a NATted outside IP address
2) Outside NAT occurs, then a RIB table lookup is performed, and the packet is then routed to the destination inside IP
3) The returning packet performs a RIB table lookup first BEFORE NAT occurs and sees that the destination address is on its local subnet, so NAT is NOT initiated on the returning path and it routes locally
4) The returning packet will be dropped because the router sees that the returning packet's src address is different than the NATted address the router is expecting.
2 routing lookups are performed before and after translation, so the returning packet will be successful due to these RIB lookups and translation being performed the same in either direction.
FYI - I have labbed this up regards Domain-less Nat and it seems to work - please review the attached file.
As I have stated this may be incorrect and I hope someone else could validate this.
Sounds like Destination NAT could be applicable - in relation to the order of NAT - however, I have never tried this with domain NAT
Inside NAT - routing first
Outside NAT - NAT occurs first
ip nat outside source static tcp (public-ip) (translated local-ip) 80
ip route (translated local-ip) 255.255.255.255 (public-ip)
Great.....!!!!!!!!!! It worked. Thank you so much Paul for the help. Now I can access the apps with the public IP from inside as well as outside. Many thanks.....
Can you please post the config of the router with the changes in place that allows you to access inside apps using the public ip?
I have the same issue and I just can't make it work... I am missing something and I can't figure it out. My current config is attached.
Thank you Ejaz!!!
I was missing the "no ip redirects" line on my router interfaces. Not sure how this works but now everything is fine.
Again... Thank you!!!!
I am having a similar issue on my network. I needed to access a web application on my internal network from outside. I have ASA version 9 sitting on the inside. Here is my configuration, but it does not seem to be working:
We have encountered this type of requirement before and our answer was to use DNS Doctoring. The links below describe the solution when using the ASA platform.
Hope this helps.