Solved

Rerouting outside IP to local 192 address using static route

Posted on 2003-12-03
Last Modified: 2010-04-17
I have a Cisco 1710 with a fast ethernet and an ethernet port.  The ethernet port is our outside static IP and the fast ethernet is our local 192 address.  I'd like to set up a static route so when someone tries to access an outside IP address it reroutes them to a 192 address of one of the machines on our local LAN.  Is this at all possible or should I just try making an A record on my DNS server?
0
Question by:confusedit
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 9870941
Confusedit;

Are there specific TCP/IP ports that you want to do this for?

You can do a NAT translation as follows:

ip nat inside source static tcp 192.168.1.x 80 interface ethernet 0 80  

Where your outside address is on ethernet 0 and the port you want to translate is 80....

You can try this:

ip nat inside source static 192.168.1.x interface ethernet0  

This will statically map all inbound requests to the internal address of 192.168.1.x but may also cause some undesirable effects....

What does your current configuration look like?  
How many IP addresses do you have?
And what are you trying to accomplish?

Thanks
Scott
0
 
LVL 13

Expert Comment

by:td_miles
ID: 9870942
Sounds like you need to use NAT. Have a read of this doc:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

and see if it helps. Does this router currently connect you to the Internet? If so, then it probably already has NAT set up for outbound translation. If that's the case, the config might look something like this:

============
interface ethernet0
 ip address w.x.y.z   (Internet IP address of router)
 ip nat outside

interface fastethernet0
 ip address 192.x.y.z (internal IP address)
 ip nat inside

ip nat inside source list 1 interface ethernet 0 overload

access-list 1 permit 192.x.y.z 0.0.0.255
============

To which you'll need to add:

ip nat inside source static tcp 192.x.y.z 80 w.x.y.z 80

Which would allow users on the Internet to access a web server on the IP w.x.y.z which would get translated to the internal IP 192.x.y.z

0
 

Author Comment

by:confusedit
ID: 9871070
OK, it seems I worded the question badly in such a hurry.  I already have NAT translations that work for people trying to access my servers from outside my network.  Here is the setup basically....

ip nat inside source static tcp 192.x.x.5 80 22.x.x.16 80 extendable
ip nat inside source static tcp 192.x.x.5 25 22.x.x.16 25 extendable
ip nat inside source static tcp 192.x.x.5 110 22.x.x.16 110 extendable                                                  
ip nat inside source static tcp 192.x.x.4 21 22.x.x.15 21 extendable
ip nat inside source static tcp 192.x.x.4 80 22.x.x.15 80 extendable

Now let me explain my situation a little better.  My LAN IPs start with 192 of course and my assigned static IPs would be 22.x.x.15 and 22.x.x.16

Now it translates fine if someone is outside the network and accessing the .15 or .16 address
It also translates fine if from inside the network I access the 192.x.x.4 or 192.x.x.5 addresses

It doesn't however work from inside the network trying to access the 22.x.x.15 or .16
For example 192.x.x.4 aka 22.x.x.15 is my webserver.
If I type 192.x.x.4 while on the LAN it works
If I type 22.x.x.15 while outside the LAN it works
If I type 22.x.x.15 from inside the LAN it will not resolve the webpage

I hope this is clear enough because it seems like there was some confusion from the above responses.  I do appreciate your help guys.
0
LVL 12

Accepted Solution

by:
Scotty_cisco earned 50 total points
ID: 9871100
Confusedit;

There are 2 ways to go about this that would work.

1: Put host files in every PC on your local LAN so that when they do a DNS lookup that they already have the inside address.
2: Have your DNS do either split zones for inside network requests and specify them in a DNS record.  (outside would get a public address)


Or you could always (if you have enough hardware) just create an internal DNS server for all of your local LAN clients to use rather than doing split zones.

NAT will not do what you want it to do in this case.

Thanks
Scott
0
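The hosts-file and split-DNS options above both come down to giving inside clients the inside address behind each public name. The following is an added example, not part of the answer: a small Python helper that reads static NAT lines like the ones posted in this thread and works out which inside address each public name should resolve to internally, flagging names where one public IP forwards different ports to different hosts (a case a single A record cannot mirror). The addresses, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: same layout as the NAT lines in the thread, with made-up
# addresses (192.168.1.0/24 inside, 203.0.113.0/24 documentation range outside).
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.5 80 203.0.113.16 80 extendable
ip nat inside source static tcp 192.168.1.5 25 203.0.113.16 25 extendable
ip nat inside source static tcp 192.168.1.5 110 203.0.113.16 110 extendable
ip nat inside source static tcp 192.168.1.4 21 203.0.113.15 21 extendable
ip nat inside source static tcp 192.168.1.4 80 203.0.113.15 80 extendable
"""
# Hypothetical public DNS names and the outside addresses they resolve to.
SAMPLE_PUBLIC_NAMES = {"www.example.com": "203.0.113.15",
                       "mail.example.com": "203.0.113.16"}

# Matches the port-forward form: <inside ip> <port> <outside ip> <port>
NAT_RE = re.compile(
    r"^\s*ip nat inside source static (?:tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b")

def outside_to_inside(config):
    """Map each outside IP to the set of inside hosts it forwards to."""
    mapping = defaultdict(set)
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if m:
            mapping[m.group(3)].add(m.group(1))
    return dict(mapping)

def internal_records(config, public_names):
    """Return (records, unresolved): name -> inside IP, and name -> reason."""
    mapping = outside_to_inside(config)
    records, unresolved = {}, {}
    for name, public_ip in sorted(public_names.items()):
        hosts = mapping.get(public_ip, set())
        if len(hosts) == 1:
            records[name] = next(iter(hosts))
        elif not hosts:
            unresolved[name] = "no static NAT entry for " + public_ip
        else:  # one public IP, several inside hosts: DNS alone cannot split by port
            unresolved[name] = "ports split across " + ", ".join(sorted(hosts))
    return records, unresolved

def hosts_lines(records):
    """Format records as hosts-file lines; the same pairs serve as internal A records."""
    return ["%s\t%s" % (ip, name) for name, ip in sorted(records.items())]
```

Names returned in `unresolved` need a separate internal name per service (or per inside host) before a hosts file or internal zone can stand in for the NAT rules.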
 
LVL 79

Expert Comment

by:lrmoore
ID: 9874402
Scotty is right. What you are trying to do simply does not work on a Cisco router, and you'll never get it to work. The packets must actually traverse the interfaces to hit the NAT rule.
The NAT translation only works as an outside packet comes in through the outside interface - then it gets forwarded to the proper inside host.
A packet sourced from the inside LAN would have to actually go out of the router, hit another router to be turned back around and come back in the outside interface.

I've worked with Cisco TAC trying to find a workaround. There is an article on CCO that explains "nat on a stick" that looked promising using a loopback as an interface, but still does not work, and is not supported by TAC.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9874412
The PIX has a capability to do just what you want with the "alias" command, but there is simply no equivalent in router IOS.
0
 

Author Comment

by:confusedit
ID: 9888902
I realized after posting this it would just be easier to add a local record to my local DNS.  I'm not sure about how exactly split zones should work.  Thanks for the help guys.
0
