Cisco static NAT not working on LAN side [duplicate]

I have a web server in my private network that has the IP address 192.168.1.134. I need to allow users to access this web server from both the internet and the private network. The public IP address is 85.185.236.12. I set up static NAT (192.168.1.136 => 85.185.236.12) on the WAN interface. Now, when we access it from the internet everything works perfectly, but when we try to access it from the LAN we can't access the web server. I use a Cisco 1841 router and I think NAT is not working when I try to access it. How can we access the web server from the LAN? Thanks.


Solution 1:

I've just answered a similar question at https://supportforums.cisco.com/discussion/12102421/nat-hairpinning; let me repeat the answer here:

First of all, such a situation is encountered often enough.

Second, while NAT theoretically may be a solution, in practice particular vendor implementations of NAT can be restrictive and fail to support this.

One typical solution is to address the server located in the internal network by FQDN, not by the IP address. Two DNS zones are needed: one external, mapping server.example.org to the publicly known IP, and one internal, mapping the same FQDN to the private IP address of the server.

Up to this point, this looks like a summary of others' comments. But here you have something fresh:

If this solution seems unacceptable, there is another one. It avoids NAT too; all that you need is to configure the TCP/IP stack on the server and the LAN hosts. Do this:

(1) on the server: add the public IP address (85.185.236.12 in your case) as a secondary IP address on the server's network interface with the 255.255.255.255 mask (the web service, or whatever you want on the server, should listen on this IP address too)

(2) on LAN computers: add a host route for that public IP address. For example, for Windows hosts use the following command: route add 85.185.236.12 mask 255.255.255.255 192.168.1.134 (you can also use the DHCP "static route" option to distribute the route). Or, if there is an L3 switch/router in between the clients and the Internet-facing router, configure that host route on this intermediate switch/router, not on the clients.

Solution 2:

I guess you are trying to access it from the LAN using its public IP address - 85.185.236.12. Long story short - don't do that. Use named views (or some other implementation) and access it using its LAN address.
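
The two-zone DNS setup from Solution 1 and the "named views" from Solution 2, sketched as a BIND 9 configuration. This is an added example, not part of either answer; the LAN prefix 192.168.1.0/24, the zone name example.org (taken from the server.example.org name used in Solution 1) and the zone file paths are assumptions.

```conf
// named.conf fragment (BIND 9). Constructed example: the LAN prefix,
// the zone name and the file paths below are assumptions.
// Once any view is defined, every zone must live inside a view.

acl "lan" { 192.168.1.0/24; 127.0.0.1; };

// Views are evaluated in order, so the LAN view must come before "any".
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN clients may resolve other names here
    allow-transfer { none; };
    zone "example.org" {
        type master;
        file "/etc/bind/zones/db.example.org.internal";
        // record in that file:  server  IN  A  192.168.1.134
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative answers only for Internet clients
    allow-transfer { none; };
    zone "example.org" {
        type master;
        file "/etc/bind/zones/db.example.org.external";
        // record in that file:  server  IN  A  85.185.236.12
    };
};
```

Running named-checkconf on the file catches syntax errors before a reload. Keeping recursion off in the external view also stops the Internet-facing side from acting as an open resolver.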