• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 323
  • Last Modified:

Cisco routing

I have a cisco 1841 running OS version 12.4.

interface FastEthernet0/0
 description Internet Connection
 ip address
 ip access-group fromoutside in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect in2out out
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map RTPCLIENT

I'm using static nating for map routes from the outside. Everything is working great on the router. Two specific rules are setup to allow an iPad app to run from an internal network server.

ip nat inside source static tcp <server ip address> <port no.> < <port no.> extendable
permit tcp any host eq <port no.>

I can access the app form outside the network but not from inside the network.
How do I set NAT and/or access-list to access the app from inside the network?

Supplemental:  Web Server is Debian Linux and firewall rules are turned off.
2 Solutions
Not sure this has anything to do with your router...when you are on the inside of the network you access the app using the internal ip address...are you saying this isn't working?
jmac44Author Commented:
No, it is accessing the router. The vendor who created the app has it pointing to the routers external IP address and they won't change it. The simplest method would be to change the app to point to the server's host name but the vendor can't/won't do that either.

I specifically need a way to reverse the query from the router back to the server.
Don't you just love 'vendors'...

I've no clue how to do this, not even sure it can be done...normal way to get around this type of issue is to have a dns host record on the inside(with same name as your external domain host name for example) pointing to the internal ip instead of the external ip...but since you aren't using hostnames obviously this isn't going to be much help...

I'd be interested to see if anyone else has a way to do this...or better yet switch vendors cause that's a ridiculous answer from a vendor in my opinion...who uses ip addresses these days...
Here is a crazy idea. The address below would be your inside IP address. This will either work or confuse the hell out of the router with the other NAT :)

try NATing the destination address for packets coming from inside:

If you get a rotary-type warning, ignore that and see what happens.

ip nat pool nat_dest netmask
ip nat inside destination list 60 pool nat_dest

access-list 60 permit
on cisco 1841 you cannot acces your server from inside using public ip adress. Only ASA knows from the begging that your ip is nated to an inside address, the process is named  hairpinning.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now