I have a Cisco router configured with NAT (4 static NAT and dynamic NAT). My problem is that I can't access internal servers using public IP addresses from the internal network.
I know what the problem is. I did a lot of Google searching about this problem, and I learned that most firewall/routers automatically handle this situation.
In the case of Cisco, NAT hairpinning is one of the solutions (I don't know if I am correct). How can I do that?
I need to access the server using the IP address 202.192.68.235 from my PC, but I can't.
Best Answer
NVI NAT's already been brought up by Aaron D.
Here are the relevant config bits of a working example. It's been done on a CISCO881 with IOS 15.4(3)M6a.
Interface configuration:
NAT ACL:
NAT rules:
In a nutshell:
Caution: NVI NAT can be VERY taxing on the CPU of low-end routers like the 800 series. Where my old 881 used to be able to deliver 50-60Mbit/s with classic NAT, switching over to NVI caused the throughput to drop to 20-30Mbit/s and would have the CPU glowing red when under load.
That was also the case when the to-be-hairpinned translation was not actually in use, just with traffic matching the normal "interface ... overload" outbound NAT rule.
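A minimal NVI NAT layout of the kind discussed above, as an added example that is not the answerer's configuration. The interface names, the inside subnet 192.168.1.0/24, the server address 192.168.1.10 and the ACL name are assumptions; 202.192.68.235 is the public address from the question.

```cisco
! Constructed example. Assumed: FastEthernet4 = WAN, Vlan1 = LAN,
! inside subnet 192.168.1.0/24, internal server 192.168.1.10.
!
! NVI NAT has no inside/outside domains. Every interface that takes
! part in translation gets "ip nat enable" instead.
interface FastEthernet4
 description WAN (assumed name)
 no ip nat outside
 ip nat enable
!
interface Vlan1
 description LAN (assumed name)
 no ip nat inside
 ip nat enable
!
! Sources eligible for the dynamic (overload) translation.
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
!
! The classic "ip nat inside source ..." rules must be removed first.
! NVI rules drop the "inside" keyword.
ip nat source list NAT-INSIDE interface FastEthernet4 overload
!
! Static mapping for the server. Because NVI translates on any
! NAT-enabled interface, a LAN client connecting to 202.192.68.235
! is translated to 192.168.1.10 and its source address is translated
! as well, so the reply returns through the router (hairpin).
ip nat source static 192.168.1.10 202.192.68.235
!
! Verification (exec mode):
!   show ip nat nvi translations
!   show ip nat nvi statistics
```

Given the CPU cost described in the answer, compare `show processes cpu` output under load before and after the change on low-end hardware.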