Strange? NAT behavior on cisco 2651

Posted on 2003-03-29
Medium Priority
Last Modified: 2010-04-17
I'm running 2 private networks(192.168.2.x and 192.168.3.x) off of a cisco 2651 with two ethernet interfaces. I have a full T1 to the internet. I'm using NAT and all works fine - unless I try and access one of my public IP addresses from one of the private networks. In other words, my web server is My public ip of is mapped to that address. It works fine from the outside. On the inside, if I enter the public IP into a web browser on the internal network I get nothing. If DNS (on my ISP) is used to resolve a my domain to the public address, then it works fine from inside. A straight public IP just doesn't work from inside. Any thoughts?
Question by:digichip
  • 2
LVL 79

Accepted Solution

lrmoore earned 300 total points
ID: 8231392
This is a fairly common misconception of how NAT/routing work.
your internal clients can only access the internal IP address, not the public address.
You can setup your own DNS server, and you only need the one web servers IP address in it, with forwarders pointing to the ISP dns. This will let your internal users resolve www.yourcompany.com to the internal address, and the rest of the world resolves to the external public address.
Or, you can install a host file on every PC with the internal IP address of the web server. Try it on one system.

Author Comment

ID: 8231481
Thanks for your quick answer. I suspected something like that, but wasn't sure. I'm attempting to access a video file on my internal web server. The calling page is actually hosted externally on a Verizon server. I'm not sure why a direct IP request from an external web page should fail, but I assume it's because the page gets loaded onto my client (internally) before the request for the video file is made (using the external IP). At least now that I know it's not suppoed to work how I was trying to make it work I can focus on making it work some other way...


LVL 79

Expert Comment

ID: 8725679
No comment has been added lately (77 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: Award points to lrmoore

Please leave any comments here within 7 days.



EE Cleanup Volunteer
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers,
please post comments here where a Moderator will see it.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question