Cisco Translation

ht_comp
Hi all,

I have a Cisco translation problem that I need help with. If users from the inside LAN go to the external IP address (from a web browser), they are met with the Cisco web interface. I need to translate the external IP (from the inside LAN) to another internal IP address. For example, if users go to the external address of 194.110.xxx.xx from the inside LAN (using a browser), they are redirected to the inside IP address (10.9.50.252).

It works from the outside: if I use the external IP address from another location, I get translated to the inside LAN IP, but it doesn't work when I try to connect to the outside IP address from the inside LAN. Any suggestions?


Thanks in advance.
Commented:
What device will be doing the translation (make, model), and what version of code are you running?
It's called NAT reflection in Cisco and Loopback policy in SonicWall.

NAT reflection is not supported in Cisco routers. But we can configure zones to achieve it on Cisco routers. In ASA/PIX it's configurable because they are zone based.

Here are some good discussions you might be interested in.

Link1 - NAT Reflection
Link2 - for ASA
SouljaSr.Net.Eng
Top Expert 2011

Commented:
My question is why do you want internal users accessing the external IP address. Why not the internal?

We had a similar issue accessing a server behind a SonicWall. We were using the FQDN to access the server, and the DNS didn't have split brain and was resolving to the public IP; as a result, internal hosts on the LAN were unable to access the server using the FQDN.

We actually did split brain, so for internal hosts DNS resolved the FQDN to the internal IP and not the public IP.

Author

Commented:
We are using Cisco 891 with version 15.0(1)M4 so that probably rules out the zone based configuration.

We need the NAT reflection in 2 different Ciscos actually (both 891).

In the first Cisco we need internal users accessing the external IP because some mornings the DNS query redirects users onto the external IP instead of the internal IP, and because of that the certification with the FQDN fails. I know there must be a way to resolve the issue rather than try to make a NAT reflection, but I hope there's a way to do it with Cisco as well.

In the second Cisco, users on the guest Wi-Fi are not allowed to access internal IPs, but they sometimes need access to resources such as FTP. They are redirected to the external IP, but because they can't access it from the internal LAN.
Have you tried configuring ZBF on the 891? You need to have zones for NAT reflection.
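
The split-brain DNS approach and the "some mornings" symptom discussed in this thread both come down to whether internal clients always receive the internal address. As an added example (not from any post in this thread), this Python scans resolver query-log lines and reports internal clients that were handed a different answer. The log format, the 10.9.50.0/24 LAN, the name app.example.test and the 203.0.113.10 stand-in for the elided public address are assumptions; only 10.9.50.252 comes from the question.

```python
import ipaddress
import re

# Assumptions (not from the thread): LAN range, service name and log format.
# 10.9.50.252 is the internal server address given in the question.
INTERNAL_NETS = [ipaddress.ip_network("10.9.50.0/24")]
EXPECTED = {"app.example.test": ipaddress.ip_address("10.9.50.252")}

# Constructed sample of resolver query-log lines (hypothetical format).
SAMPLE_LOG = """\
2024-03-04T07:58:11 client=10.9.50.17 name=app.example.test answer=10.9.50.252
2024-03-04T08:01:42 client=10.9.50.23 name=app.example.test answer=203.0.113.10
2024-03-04T08:02:05 client=198.51.100.7 name=app.example.test answer=203.0.113.10
2024-03-04T08:03:30 client=10.9.50.23 name=www.example.org answer=192.0.2.80
2024-03-04T08:04:00 client=10.9.50.40 name=APP.example.test. answer=203.0.113.10
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) name=(?P<name>\S+) answer=(?P<answer>\S+)$"
)

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_split_dns_leaks(log_text):
    """Return (timestamp, client, name, answer) tuples for internal clients
    that received something other than the expected internal address."""
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        try:
            client = ipaddress.ip_address(m["client"])
            answer = ipaddress.ip_address(m["answer"])
        except ValueError:
            continue  # skip malformed addresses
        name = m["name"].rstrip(".").lower()  # DNS names are case-insensitive
        expected = EXPECTED.get(name)
        if expected is None or not is_internal(client):
            continue  # not a split-horizon name, or an outside client
        if answer != expected:
            leaks.append((m["ts"], str(client), name, str(answer)))
    return leaks

if __name__ == "__main__":
    for ts, client, name, answer in find_split_dns_leaks(SAMPLE_LOG):
        print(f"{ts} internal client {client} got {answer} for {name}")
```
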
