Solved

Routing DNS from external to internal addresses

Posted on 2010-08-25
Last Modified: 2012-05-10
Hi Guys,

We've got 4 VM servers which are named vm1.domain.local, vm2.domain.local etc. and we can access them through a web browser at the relevant address.
We have access to our external DNS records, so how would I go about setting this up externally and internally so that we can access these VMs from an external source (i.e. we can type in https://vm1.domain.com)?
I've added vm1, vm2 etc. to the external DNS and pointed them to our external IP, but as we have 6 servers I'm not sure where this would go.
Hope this makes sense and hope you can help.
Thanks
0
Question by:Netexperts
17 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33521297
You will just need to add the DNS records to your internal and external DNS server registrations.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33521304
It's enough! Even more! You can set both servers there. Or for learning, install W2K8 with Hyper-V and then as guest OS install W2K3 and W2K8. You will be able to use both servers.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33521310
I am sorry, wrong window :(
0
 
LVL 2

Expert Comment

by:clniesen
ID: 33521322
You would need to set up NAT and/or PAT translations on your firewall or router.  How many external IPs do you have?  If you only have 1 external IP, you will need to use PAT (Port address translation) on your router or firewall.  For instance, from outside the network you will need to go to https://vm1.domain.com:8443 for server 1, https://vm2.domain.com:8444 etc.  What are you using for a router and/or firewall?
0
 
LVL 2

Expert Comment

by:Tordan
ID: 33521377
If I understand the question correctly, you have 6 servers that you want to be able to access from outside your network, but you only have one IP address?

The two most common ways to make this happen are:

1. Obtain a larger IP block from your ISP and use separate external IP addresses.
2. Create one more web server, vm.domain.local, and point your external DNS at it. On this server you redirect the host name to one of the other servers, so if vm.domain.local gets a request for vm1.domain.local it knows to send the request to the appropriate server. This is called a front end server.

The second value of option number 2 is that you can provide additional security on the front end server.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33521388
We have a Cisco 870 in place.
0
 
LVL 2

Expert Comment

by:clniesen
ID: 33521964
For the Cisco 870, do this for each vm server, using a unique port for each:

http://portforward.com/english/routers/port_forwarding/Cisco/Cisco800Series/default.htm
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33522147
Thanks,

I've added one of the VMs to test through the Cisco and I'm not sure if I typed this in the correct format, but I did https://vm1.domain.com/tsweb:port from an external machine's browser. This then gave me a certificate warning, and then when I accepted it I got HTTP 404 not found.

Any ideas?
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33522248
I'm trying to get onto the TSWEB page of each VM by the way, so servername/tsweb
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33522442
I've just noticed by running the show ip interface after that the ports show but there are no Outside Local or Outside Global entries after them like the ones already there. Is this an issue?
0
 
LVL 2

Expert Comment

by:clniesen
ID: 33523597
Try https://vm1.domain.com:port/tsweb  -  that should do the trick
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33530680
Still no good.
Do I need a firewall rule as well as a NAT rule?
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33530842
I've just thought... would I need to get TSWEB to listen on that specific PORT?
0
 
LVL 2

Expert Comment

by:clniesen
ID: 33531088
Use a different port for the external IP, and the same port the inside IP is listening on. E.g.

ip nat inside source static tcp 172.16.2.60 443 interface BVI1 8443

ip nat inside source static tcp 172.16.2.61 443 interface BVI1 8444

If you are using a firewall, yes, you would need firewall rules as well to allow those ports. If you have remote access via a VPN, that would be easier.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33531940
Have you got the command (or what to do in the GUI) for the firewall rules?
0
 
LVL 2

Accepted Solution

by:
clniesen earned 500 total points
ID: 33540897
# conf t
! The inbound ACL on the outside interface is checked before NAT translates the
! destination, so match the forwarded destination ports (8443, 8444), not a source port.
(config)# access-list 103 permit tcp any any eq 8443
(config)# access-list 103 permit tcp any any eq 8444
(config)# access-list 103 deny ip any any

! Choose the outside interface of the router
(config)# interface fastethernet 1
(config-if)# ip access-group 103 in
0
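
Added example (not part of the original thread or the posters' configuration): a small Python model of how an inbound ACL and the static port forwards above interact on the outside interface. IOS checks the inbound ACL before it translates the destination, so an entry with eq 8443 after the source never matches a client's ephemeral source port, while an entry on the destination port does. The outside address 203.0.113.10, the client address and the function names are assumptions; the config lines are constructed samples.

```python
import re

OUTSIDE_IP = "203.0.113.10"  # assumption: placeholder for the router's external IP
# Constructed sample config, using the inside hosts and ports from the thread.
NAT = ("ip nat inside source static tcp 172.16.2.60 443 interface BVI1 8443",
       "ip nat inside source static tcp 172.16.2.61 443 interface BVI1 8444")
ACL_SRC_PORT = ("access-list 103 permit tcp any eq 8443 host 172.16.2.60 eq 443",
                "access-list 103 deny ip any any")
ACL_DST_PORT = ("access-list 103 permit tcp any any eq 8443",
                "access-list 103 permit tcp any any eq 8444",
                "access-list 103 deny ip any any")

def parse_acl(lines):
    """Parse 'access-list N action proto src [eq p] dst [eq p]' (any/host only)."""
    rules = []
    for line in lines:
        action, _proto, *tok = line.split()[2:]
        ends = []
        for _ in range(2):  # source endpoint first, then destination endpoint
            addr = tok.pop(0)
            if addr == "host":
                addr = tok.pop(0)
            port = int(tok[1]) if tok[:1] == ["eq"] else None
            tok = tok[2:] if port is not None else tok
            ends.append((addr, port))
        rules.append((action, ends[0], ends[1]))
    return rules

def acl_permits(rules, src, sport, dst, dport):
    def hit(end, ip, port):
        return end[0] in ("any", ip) and end[1] in (None, port)
    for action, s, d in rules:  # first matching entry wins (TCP packets only here)
        if hit(s, src, sport) and hit(d, dst, dport):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def inbound(acl_lines, src, sport, dport):
    """Outside-to-inside order: the ACL sees the packet before NAT rewrites it."""
    if not acl_permits(parse_acl(acl_lines), src, sport, OUTSIDE_IP, dport):
        return "dropped by ACL"
    nat = {int(m[3]): (m[1], int(m[2])) for m in re.finditer(
        r"static tcp (\S+) (\d+) interface \S+ (\d+)", "\n".join(NAT))}
    return "forwarded to %s:%d" % nat[dport] if dport in nat else "no NAT entry"

if __name__ == "__main__":
    for name, acl in (("source-port entry", ACL_SRC_PORT),
                      ("destination-port entries", ACL_DST_PORT)):
        print(name, "->", inbound(acl, "198.51.100.7", 51514, 8443))
```

The same model shows that any port without a permit entry, such as 3389, is dropped by the final deny before NAT is consulted.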
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 33542358
YOU ARE A STAR !!!!!!!!
(that means it worked)

Many Thanks
0


Question has a verified solution.
