Solved

Cisco routing

Posted on 2013-06-28
5
318 Views
Last Modified: 2013-09-05
I have a cisco 1841 running OS version 12.4.


interface FastEthernet0/0
 description Internet Connection
 ip address 63.41.101.104 255.255.255.248
 ip access-group fromoutside in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect in2out out
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map RTPCLIENT
!

I'm using static nating for map routes from the outside. Everything is working great on the router. Two specific rules are setup to allow an iPad app to run from an internal network server.

ip nat inside source static tcp <server ip address> <port no.> <63.41.101.104 <port no.> extendable
and
permit tcp any host 63.41.101.104 eq <port no.>

I can access the app form outside the network but not from inside the network.
How do I set NAT and/or access-list to access the app from inside the network?

Supplemental:  Web Server is Debian Linux and firewall rules are turned off.
0
Comment
Question by:Justin Moore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39285545
Not sure this has anything to do with your router...when you are on the inside of the network you access the app using the internal ip address...are you saying this isn't working?
0
 
LVL 9

Author Comment

by:Justin Moore
ID: 39285622
No, it is accessing the router. The vendor who created the app has it pointing to the routers external IP address and they won't change it. The simplest method would be to change the app to point to the server's host name but the vendor can't/won't do that either.

I specifically need a way to reverse the query from the router back to the server.
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 300 total points
ID: 39285652
Don't you just love 'vendors'...

I've no clue how to do this, not even sure it can be done...normal way to get around this type of issue is to have a dns host record on the inside(with same name as your external domain host name for example) pointing to the internal ip instead of the external ip...but since you aren't using hostnames obviously this isn't going to be much help...

I'd be interested to see if anyone else has a way to do this...or better yet switch vendors cause that's a ridiculous answer from a vendor in my opinion...who uses ip addresses these days...
0
 
LVL 11

Assisted Solution

by:naderz
naderz earned 200 total points
ID: 39286035
Here is a crazy idea. The 192.168.2.5 address below would be your inside IP address. This will either work or confuse the hell out of the router with the other NAT :)

try NATing the destination address for packets coming from inside:

If you get a rotary-type warning, ignore that and see what happens.


ip nat pool nat_dest 192.168.2.5 192.168.2.5 netmask 255.255.255.255
ip nat inside destination list 60 pool nat_dest

access-list 60 permit 63.41.101.104
0
 
LVL 2

Expert Comment

by:adrianuta2004
ID: 39467537
on cisco 1841 you cannot acces your server from inside using public ip adress. Only ASA knows from the begging that your ip is nated to an inside address, the process is named  hairpinning.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question