?
Solved

NAT Inside to Inside

Posted on 2009-06-28
2
Medium Priority
?
786 Views
Last Modified: 2012-05-07
I have an internal network, with an internal mail server.

When I do an DNS lookup for my mail server, it goes to

203.xxx.xxx.xx which is a public address.

The router is set up to do a port forward back to the internal 192.168.2.2 address if it's an external address.

However, the traffic doesn't seem to reach the mail server when the client is internal.

How do I setup the CISCO 877 router to

1. Do NAT from Inside to outside, then outside to Inside. Meaning a internal client trying to access an internal server with an external address.

I don't want to manage an internal DNS server just for this.

Thanks
0
Comment
Question by:binele
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 24733249
Your best bet is an internal web server, or even host files if internal clients are few and are desktops. The problem is with the order of packet processing and NAT and this "hairpin" feature is not supported in IOS.

If the client resolves to the public ip address, and receives a packet from the private address of the server, the client drops the packet.
We can fix this with a feature of ASA firewall called 'dns doctoring' which actually intercepts the dns request that comes back from the external dns server and replaces the public ip with the private ip, so as far as the client is concerned, it resolved to the internal IP. No such luck or feature on IOS router.
0
 
LVL 4

Accepted Solution

by:
nasirsh earned 2000 total points
ID: 24734350
Why do you want your internal Clients to access your mail server via outside. You can give them access to it via its internal IP. If you want to give them the external access then you have to fo outside-inside NAT and vice versa to your mailserver and make sure that your mailserver has the default gateway of the routers internal Interface.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question