[c-nsp] NAT and hairpin's

Ted Mittelstaedt tedm at toybox.placo.com
Thu Jul 17 02:58:05 EDT 2008



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Marc Archer
> Sent: Wednesday, July 16, 2008 10:25 PM
> To: Geyer, Nick
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT and hairpin's
> 
> 
> Hi Nick,
> 
> We had the same problem at work and used DNS to get around it. The only
> solution we found was to have a second internal DNS that would resolve to
> the internal IP so that both internal and external users could access the
> server from a common DNS name.
> 

IOS NAT code will rewrite the DNS query if the DNS server is
on the outside and the clients are on the inside, so that the
clients get the internal number, not the external number.

The only caveat is that you have to statically map an
outside IP number to the inside IP number; you can't port
forward off an overloaded outside interface and have the
DNS magic work.

Ted

