Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco Translation

Posted on 2014-02-25
6
Medium Priority
?
539 Views
Last Modified: 2014-03-04
Hi all,

I have a cisco translation problem that I need help with. If users from the inside LAN go to the external IP address(from web browser), they are met with cisco web interface. I need to translate the external IP(from inside LAN) to another internal IP address - for example if users go to external address of 194.110.xxx.xx from the inside LAN(using a browser) they are redirected to the inside IP address of (10.9.50.252) .

It works from the outside, as if I use the external IP address from another location, I get translated to the inside LAN IP, but it doesn't work when I try to connect to the outside IP aadress from the inside LAN. Any suggestions ?


Thanks in advance.
0
Comment
Question by:ht_comp
6 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39885609
What device will be doing the translation (make, model), and what version of code are you running?
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 1500 total points
ID: 39885867
Its called NAT reflection in Cisco and Loopback policy in Sonicwall.

NAT reflection is not supported in Cisco routers. But we can configure zones to achieve it on Cisco routers. In ASA/PIX its configurable because they are zone based.

Here is some good discussions, you might be interested in.

Link1 - NAT Reflection
Link2 - for ASA
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39885889
My question is why do you want internal users accessing the external ip address. Why not the internal?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39885931
We had a similar issue accessing a server behind sonicwall, we were using FQDN to access the server and the DNS didn't have split brain and was resolving to public IP and as a result, internal hosts from the LAN were unable to access the server using FQDN.

We actually did split brain so for for internal hosts dns resolved the FQDN to internal IP and not the public IP.
0
 

Author Comment

by:ht_comp
ID: 39891154
We are using Cisco 891 with version 15.0(1)M4 so that probably rules out the zone based configuration.

We need the NAT reflection in 2 different ciscos actually (both 891).

In the first cisco we need internal users accessing the external IP because some mornings the DNS query redirects users onto the external IP instead of the internal IP and because of that the certification with the FQDN fails - I know, there must be a way to resolve the issue, rather than try to make a NAT reflection but I hope there's a way to do it with cisco as well.

In the second cisco, users on the Guest Wifi are not allowed to access internal IP-s but they sometime need access to resources such as ftp. They are redirected to the external IP, but because they can't access it from the internal LAN.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39891299
Have you tried configuring ZBF of 891.  You need to have zones for NAT reflection.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question