[nsp] NAT question

Stephen J. Wilcox steve at telecomplete.co.uk
Mon Feb 2 17:33:06 EST 2004


> | I have a quick question on NAT that I haven't found the answer to.
> |
> | Let's say I have the following configuration,
> |
> | interface FastEthernet0/1
> |  ip address 10.0.0.2 255.255.255.0
> |  ip nat inside
> | !
> | interface FastEthernet0/2
> |  ip address 10.0.1.1 255.255.255.0
> |  ip nat outside
> | !
> | ip nat inside source list 101 interface FastEthernet0/2 overload
> | ip nat inside source static tcp 10.0.0.1 80 10.0.10.1 80 extendable
> | access-list 101 permit ip 10.0.0.0 0.0.0.255 any
> | ip route 0.0.0.0 0.0.0.0 10.0.1.2
> |
> | Let's say 10.0.0.1 is a web server, 10.0.10.1 has the DNS www.foobar.com
> |
> | Now, the issue is, the users inside would like to connect to the web server
> | at 10.0.0.1 but use www.foobar.com as the address.

Erm a wild guess but what happens if you give the server a secondary address of 
10.0.10.1 and point a static on the router to it.. it may be a simple solution 
or it may just not work :)

Steve

> | Well, that doesn't work from inside the network since www.foobar.com will
> | resolve to 10.0.10.1, and NAT gets confused when it hits the router.  (At
> | least my test bed router does, running 12.2(17a))
> |
> | Is there a way to configure NAT so you can get to 10.0.10.1 from the inside
> | network?
> |
> 
> Why not solve this with DNS?  If you are running BIND 8.x or 9.x you should
> be able to use views to provide different IP address resolution to the
> hosts inside vs the hosts outside your network.
> 
> - --
> =========
> bep
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (MingW32)
> 
> iD8DBQFAHs2GE1XcgMgrtyYRApXcAKCsKNKCBuF1VNpr+/JcEz0WFZmXiQCdE0Y/
> OblxKMTZaLQEpTKF2AI8dlA=
> =C4qw
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list