[c-nsp] NAT and hairpin's
Marc Archer
marc at archernet.id.au
Thu Jul 17 01:25:14 EDT 2008
Hi Nick,
We had the same problem at work and used DNS to get around it. The only
solution we found was to have an second internal DNS that would resolv to
the internal IP so that both internal and external users could access the
server from a common DNS name.
Marc.
2008/7/17 Geyer, Nick <nick.geyer at eds.com>:
> Hi Everyone,
>
>
>
> Just wondering if anyone has come up with a way to hairpin traffic using
> a Cisco router? The problem is as follows;
>
>
>
> Say for example I have a router connecting to the Internet and an
> internal LAN doing normal NA, e.g;
>
>
>
> 203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on
> the "outside" interface)
>
>
>
> I have an application that talks from clients on the Internet to an
> internal server (192.168.1.1), with the appropriate static NAT's setup
> on the router to forward the traffic. The problem is the internal
> clients also need to talk to the server but on the public IP address
> (203.1.2.3). The traffic from the internal clients will hit the router
> but it wont translate and forward the traffic because its coming from
> the "inside" interface (and the static NAT only works for requests from
> the outside interface).
>
>
>
> I don't believe it can be done but just thought I would ask in case
> anyone has come up with a weird and wonderful way.
>
>
>
> Cheers,
>
>
>
> Nick Geyer.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list