[c-nsp] NAT and hairpin's

Geyer, Nick nick.geyer at EDS.COM
Thu Jul 17 01:36:56 EDT 2008


Hi Marc,

That's what I usually do as well.

In this scenario though an internal DNS server is not an option as all
traffic is by IP address not hostname. It's got me stumped and I know
Cisco used to say it was not possible, but am just wondering if there is
anything new that could be used/manipulated to do this.

Cheers

________________________________

From: Marc Archer [mailto:marc at archernet.id.au] 
Sent: Thursday, 17 July 2008 3:25 PM
To: Geyer, Nick
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NAT and hairpin's

 

Hi Nick,

We had the same problem at work and used DNS to get around it. The only
solution we found was to have a second internal DNS that would resolve
to the internal IP so that both internal and external users could access
the server from a common DNS name.

Marc.

2008/7/17 Geyer, Nick <nick.geyer at eds.com>:

Hi Everyone,



Just wondering if anyone has come up with a way to hairpin traffic using
a Cisco router? The problem is as follows:



Say for example I have a router connecting to the Internet and an
internal LAN doing normal NAT, e.g.:



203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on
the "outside" interface)



I have an application that talks from clients on the Internet to an
internal server (192.168.1.1), with the appropriate static NATs set up
on the router to forward the traffic. The problem is the internal
clients also need to talk to the server but on the public IP address
(203.1.2.3). The traffic from the internal clients will hit the router
but it won't translate and forward the traffic because it's coming from
the "inside" interface (and the static NAT only works for requests from
the outside interface).



I don't believe it can be done but just thought I would ask in case
anyone has come up with a weird and wonderful way.



Cheers,



Nick Geyer.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 


