[nsp] NAT question

Bruce Pinsky bep at whack.org
Mon Feb 2 17:21:58 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jay Nakamura wrote:

| I have a quick question on NAT that I haven't found the answer to.
|
| Let's say I have the following configuration,
|
| interface FastEthernet0/1
|  ip address 10.0.0.2 255.255.255.0
|  ip nat inside
| !
| interface FastEthernet0/2
|  ip address 10.0.1.1 255.255.255.0
|  ip nat outside
| !
| ip nat inside source list 101 interface FastEthernet0/2 overload
| ip nat inside source static tcp 10.0.0.1 80 10.0.10.1 80 extendable
| access-list 101 permit ip 10.0.0.0 0.0.0.255 any
| ip route 0.0.0.0 0.0.0.0 10.0.1.2
|
| Let's say 10.0.0.1 is a web server, 10.0.10.1 has the DNS www.foobar.com
|
| Now, the issue is, the users inside would like to connect to the web server
| at 10.0.0.1 but use www.foobar.com as the address.
|
| Well, that doesn't work from inside the network since www.foobar.com will
| resolve to 10.0.10.1, and NAT gets confused when it hits the router.  (At
| least my test bed router does, running 12.2(17a))
|
| Is there a way to configure NAT so you can get to 10.0.10.1 from the inside
| network?
|

Why not solve this with DNS?  If you are running BIND 8.x or 9.x you should
be able to use views to provide different IP address resolution to the
hosts inside vs the hosts outside your network.

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAHs2GE1XcgMgrtyYRApXcAKCsKNKCBuF1VNpr+/JcEz0WFZmXiQCdE0Y/
OblxKMTZaLQEpTKF2AI8dlA=
=C4qw
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list