Solved

NAT Inside to Inside

Posted on 2009-06-28
Last Modified: 2012-05-07
I have an internal network, with an internal mail server.

When I do a DNS lookup for my mail server, it goes to 203.xxx.xxx.xx, which is a public address.

The router is set up to do a port forward back to the internal 192.168.2.2 address if it's an external address.

However, the traffic doesn't seem to reach the mail server when the client is internal.

How do I set up the CISCO 877 router to

1. Do NAT from inside to outside, then outside to inside. Meaning an internal client trying to access an internal server with an external address.

I don't want to manage an internal DNS server just for this.

Thanks
0
Question by:binele
 
LVL 79

Expert Comment

by:lrmoore
ID: 24733249
Your best bet is an internal web server, or even host files if internal clients are few and are desktops. The problem is with the order of packet processing and NAT, and this "hairpin" feature is not supported in IOS.

If the client resolves to the public IP address, and receives a packet from the private address of the server, the client drops the packet.
We can fix this with a feature of the ASA firewall called 'DNS doctoring', which actually intercepts the DNS reply that comes back from the external DNS server and replaces the public IP with the private IP, so as far as the client is concerned, it resolved to the internal IP. No such luck or feature on an IOS router.
0
 
LVL 4

Accepted Solution

by:
nasirsh earned 500 total points
ID: 24734350
Why do you want your internal clients to access your mail server via the outside? You can give them access to it via its internal IP. If you want to give them external access, then you have to do outside-inside NAT and vice versa to your mail server, and make sure that your mail server has the default gateway of the router's internal interface.
0
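The packet flow discussed in the two comments above, as an added example that is not part of the original thread: a simplified model of the port forward showing why an inside client rejects the server's reply unless the router also rewrites the source, and what DNS doctoring changes. Only 192.168.2.2 comes from the question; the other addresses are constructed, and `hairpin_snat`, `connect` and `doctor_dns` are hypothetical names.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.2.0/24")   # inside subnet (from the question)
SERVER = "192.168.2.2"               # internal mail server (from the question)
PUBLIC = "203.0.113.10"              # constructed stand-in for the masked 203.xxx.xxx.xx
ROUTER_LAN = "192.168.2.1"           # assumed inside-interface address of the router

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.sessions = {}           # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        out = pkt
        if pkt.dst == PUBLIC:        # port forward: public address -> server
            out = replace(out, dst=SERVER)
            if self.hairpin_snat and ip_address(pkt.src) in LAN:
                out = replace(out, src=ROUTER_LAN)  # hide the inside client behind the router
        self.sessions[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        # Undo both translations for a reply that passes back through the router.
        orig_src, orig_dst = self.sessions[(reply.dst, reply.src)]
        return Packet(src=orig_dst, dst=orig_src)

def connect(client, router):
    """Return (reply seen by the client, whether it matches the connection)."""
    syn = Packet(client, PUBLIC)
    at_server = router.forward(syn)
    reply = Packet(at_server.dst, at_server.src)   # server answers the source it saw
    # Off-subnet replies use the default gateway; same-subnet replies go direct.
    if ip_address(reply.dst) not in LAN or reply.dst == ROUTER_LAN:
        reply = router.reverse(reply)
    accepted = (reply.src, reply.dst) == (syn.dst, syn.src)
    return reply, accepted

def doctor_dns(a_record):
    """DNS doctoring: hand the client the private address instead of the public one."""
    return SERVER if a_record == PUBLIC else a_record
```

With destination translation only, the inside client gets a reply sourced from 192.168.2.2 for a connection it opened to the public address, so it discards it; an outside client is unaffected because the reply returns through the router.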
