Solved

Can't reach company website from internal LAN... can reach it from external IP

Posted on 2006-06-17
Last Modified: 2012-06-27
Hi, thanks for your help.

First of all, I am a novice at configuring IOS. I have configured it so far for FTP, internet access for the network, remote desktop, etc. My problem now is that I cannot reach my webserver or remote in from within my LAN. I can reach it from home, no problem, and I can also remote into the server from home as well, no problem. Here is my running config:


Building configuration...

Current configuration : 3187 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$NN29$4LNrKgKxgVqNtGrOvT.r8/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip name-server 24.xx.xx.xx
ip name-server 24.xx.xx.xx
ip ddns update method sdm_ddns1
 HTTP
 
!
username xxxx privilege 15 secret 5 $1$4wnn$8.2XqyZae9xiXTvMylH18.
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 24.xxx.xxx.66 255.255.xxx.xxx
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 24.97.171.65 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 5 interface FastEthernet0/1 overload
ip nat inside source static 10.10.10.58 24.xxx.xxx.66

!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.7
access-list 5 remark SDM_ACL Category=16
access-list 5 permit 10.10.10.0 0.0.0.255
access-list 100 remark SDM_ACL Category=16
access-list 100 permit tcp any host 24.xxx.xxx.66 eq www
access-list 100 permit tcp any host 24.xxx.xxx.66 eq ftp
access-list 100 permit tcp any host 24.xxx.xxx.66 eq ftp-data
access-list 100 permit tcp any host 24.xxx.xxx.66 eq www
access-list 120 remark SDM_ACL Category=16
access-list 120 permit tcp any host 24.xx.xxx.66 eq 3389
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end

thanks again!

mike
Question by:mmelody22
3 Comments
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 250 total points
ID: 16928473
What you are having is a DNS resolution problem. When you type 'www.mydomain.com' in your browser, it gets resolved to a public IP, and when it reaches your domain it gets converted to your private IP, and that is why you can't reach it within the LAN.

So one of the ways to resolve this would be to put an 'alias' in your internal DNS server to resolve 'www.mydomain.com' to the 'internal ip' of that machine and it will resolve.

Cheers,
Rajesh
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 16929515
> cannot reach my webserver or remote in from within my lan
Correct. This is proper Cisco behavior.
Internal clients will never be able to reach internal resources using public IP addresses.
Your internal clients have to resolve www.yourdomain.com to the private 10.10.10.x IP address.
Workarounds include setting up your own DNS server with both A and CNAME records for the web site or using individual hosts files.
If you only use public DNS servers, then an alias won't do you any good.
0
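
Added example (not part of either answer or the original thread): a Python script for the workaround both answers describe. It reads the `ip nat inside source static` lines from a running config and lists which public names need an internal DNS A record or hosts-file entry pointing at the private address. The hostnames, the documentation address 203.0.113.66 standing in for the redacted public IP, and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the two NAT lines from the config above, with the
# redacted public address replaced by an RFC 5737 documentation address.
SAMPLE_CONFIG = """\
ip nat inside source list 5 interface FastEthernet0/1 overload
ip nat inside source static 10.10.10.58 203.0.113.66
"""

# Constructed sample: what public DNS returns for the site's names.
PUBLIC_RECORDS = {
    "www.example.com": "203.0.113.66",
    "ftp.example.com": "203.0.113.66",
    "mail.example.com": "198.51.100.7",   # not behind this router's static NAT
}

# One-to-one static NAT only: "static <inside-local> <outside-global>".
STATIC_NAT = re.compile(
    r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)[ \t]*$",
    re.M,
)

def static_nat_map(config):
    """Return {outside (public) address: inside (private) address}."""
    return {
        ipaddress.ip_address(outside): ipaddress.ip_address(inside)
        for inside, outside in STATIC_NAT.findall(config)
    }

def internal_overrides(config, public_records):
    """Names whose public A record is a static-NAT outside address,
    mapped to the inside address that LAN clients should resolve instead."""
    nat = static_nat_map(config)
    overrides = {}
    for name, addr in sorted(public_records.items()):
        inside = nat.get(ipaddress.ip_address(addr))
        if inside is not None and inside.is_private:
            overrides[name] = str(inside)
    return overrides

def hosts_lines(overrides):
    """Format the overrides as hosts-file entries (address, tab, name)."""
    return [f"{ip}\t{name}" for name, ip in overrides.items()]

def needs_override(resolved, config):
    """True if a LAN client's DNS answer is the NAT outside address,
    i.e. the client would run into the problem described in the question."""
    return ipaddress.ip_address(resolved) in static_nat_map(config)

if __name__ == "__main__":
    print("\n".join(hosts_lines(internal_overrides(SAMPLE_CONFIG, PUBLIC_RECORDS))))
```

The same name-to-address pairs can be entered as A records in an internal DNS zone instead of per-client hosts files.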
 

Author Comment

by:mmelody22
ID: 16939292
Thanks guys. I split the points since both of you put me on the right track.

Thanks again.
