[nsp] NAT question

Church, Chuck cchurch at wamnetgov.com
Tue Feb 3 09:10:09 EST 2004


Steve,

	I've done the static host route and secondary host IP address method in the past, works like a charm.

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch at wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com

> -----Original Message-----
> From: Stephen J. Wilcox [mailto:steve at telecomplete.co.uk]
> Sent: Monday, February 02, 2004 5:33 PM
> To: Bruce Pinsky
> Cc: Jay Nakamura; Cisco List
> Subject: Re: [nsp] NAT question
> 
> 
> > | I have a quick question on NAT that I haven't found the answer to.
> > |
> > | Let's say I have the following configuration,
> > |
> > | interface FastEthernet0/1
> > |  ip address 10.0.0.2 255.255.255.0
> > |  ip nat inside
> > | !
> > | interface FastEthernet0/2
> > |  ip address 10.0.1.1 255.255.255.0
> > |  ip nat outside
> > | !
> > | ip nat inside source list 101 interface FastEthernet0/2 overload
> > | ip nat inside source static tcp 10.0.0.1 80 10.0.10.1 80 
> extendable
> > | access-list 101 permit ip 10.0.0.0 0.0.0.255 any
> > | ip route 0.0.0.0 0.0.0.0 10.0.1.2
> > |
> > | Let's say 10.0.0.1 is a web server, 10.0.10.1 has the DNS 
www.foobar.com
> |
> | Now, the issue is, the users inside would like to connect to the web server
> | at 10.0.0.1 but use www.foobar.com as the address.

Erm a wild guess but what happens if you give the server a secondary address of 
10.0.10.1 and point a static on the router to it.. it may be a simple solution 
or it may just not work :)

Steve

> | Well, that doesn't work from inside the network since www.foobar.com will
> | resolve to 10.0.10.1, and NAT gets confused when it hits the router.  (At
> | least my test bed router does, running 12.2(17a))
> |
> | Is there a way to configure NAT so you can get to 10.0.10.1 from the inside
> | network?
> |
> 
> Why not solve this with DNS?  If you are running BIND 8.x or 9.x you should
> be able to use views to provide different IP address resolution to the
> hosts inside vs the hosts outside your network.
> 
> - --
> =========
> bep
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (MingW32)
> 
> iD8DBQFAHs2GE1XcgMgrtyYRApXcAKCsKNKCBuF1VNpr+/JcEz0WFZmXiQCdE0Y/
> OblxKMTZaLQEpTKF2AI8dlA=
> =C4qw
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list