khuyenht
join:2008-05-15
| [Config] NAT static
Hi all,
My company has 1 web server for test, I am using the cisco 2691 to public this web.
Command :
ip nat inside source static tcp 10.68.x.x 443 222.255.x.x 443 extendable
The outside network can connect to inside network by the URL:abc.com
and the domain abc.com = 222.255.x.x
But inside network can't connect to this URL:abc.com. The browser notice :Unable to connect
Do you have any ideas ? I want outside network and inside network can open the same URL:abc.com
Thanks so much |
|
elnino
join:2006-08-27
Akron, OH
| As far as I know, the Cisco routers don't have the DNS rewrite like the PIX/ASA do. So, the inside users have to connect to the inside IP, not the external IP. You can either accomplish this by running an internal DNS server or modify the hosts file on your company's computers. |
|
khuyenht
join:2008-05-15
| Hi Elnino,
When i configure the NAT static as:
ip nat inside source static 10.68.x.x 222.255.x.x
the both outside and inside network can open my website .
But when configure it all the port will be forward to inside local.
Could you please tell why this configure can open my website from inside and outside? I think the most difference between
ip nat inside source static 10.68.x.x 222.255.x.x
ip nat inside source static tcp 10.68.x.x 443 222.255.x.x 443 extendable
One forward all port to local and one forward only one port 443 to loacal!!!
Thanks so much |
|
mr_dirt
join:2006-02-14
Denver, CO
edit:
May 18th, @11:35PM
| reply to elnino
NAT is one of the worst-documented aspects of IOS.
IOS NAT offers DNS re-write, so that static NAT entries, if an external NAT is queried for a static NATed host, will provide the internal address. The only mention I've ever seen for this is on this page:
»www.cisco.com/en/US/technologies···2b9.html
There is a line with no link to docs or any futher informations, that reads, "DNS "A" and "PTR" queries".
Amazingly enough, (and for the love of God, I can't understand why no one has bothered to write anything more) IOS intercepts DNS queries for any host that it carries a static NAT for, and replies with the NAT inside address. I've done some limited testing of this, and it seems to work, but I've never applied it in fear that it will mysteriously stop working. |
|
Euphrates
join:2007-04-30
Bellingham, WA | reply to khuyenht
I was doing some reading and came across this article:
»cisco.com/en/US/docs/ios/12_4t/1···dns.html
If it helps, yay, if not... |
|
