Unable to connect to a NATed server from a host computer on the same LAN using its public IP address

154

Solution 1

Remember, when your firewall/router/whatever is doing NATing, the internal box that has a public IP NATed to it doesn't know anything about the NATed address.

So, in order for this to work, your packet has to leave your internal LAN, go out to the external network, then come back in via the firewall/router/whatever that's doing the NATing, and finally be handed to the internal box (which, again, doesn't generally know anything about the NATing).

There are some work-arounds that are possible (see Cisco alias command, if you're using Cisco), but in general it's not really something you want to do.

This is why most networks that contain internal hosts and externally accessible (public) hosts will maintain separate DNS servers for internal and external hosts. You can set up your external DNS server so that www.example.com points to your external IP, and set up your internal DNS server so that www.example.com points to your internal IP. If you're using BIND, then views make this quite easy.
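As an added illustration of the split-horizon setup described in this answer (example configuration, not part of the original post): a BIND named.conf fragment with two views, so the same name www.example.com resolves to the private address for LAN clients and to the public address for everyone else. The address ranges, the 192.0.2.10 public address, and the zone file paths are constructed for the example.

```conf
// named.conf fragment (added example, not from the original answer).
// Constructed values: the 10.0.0.0/8 range, the zone file paths and the addresses.

acl "internal-nets" {
    10.0.0.0/8;     // LAN clients that should get the private address
    127.0.0.1;      // the resolver itself
};

// Views are matched top to bottom, so the internal view must come first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;          // LAN clients may use this server as their resolver

    zone "example.com" IN {
        type master;
        file "/var/named/internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; }; // everything that did not match above
    recursion no;           // authoritative only, so this is not an open resolver

    zone "example.com" IN {
        type master;
        file "/var/named/external/example.com.zone";
    };
};

// The two zone files are identical except for the record that matters here:
//   internal/example.com.zone:  www  IN  A  10.0.0.10    (reached directly on the LAN)
//   external/example.com.zone:  www  IN  A  192.0.2.10   (the address NATed on the edge)
```

To check it, run `dig @<your-ns> www.example.com A` once from a LAN host and once from outside; the first should return the private address and the second the public one. Two caveats: once views are used, every zone the server serves must live inside a view, and LAN clients must actually be configured to use this resolver, otherwise they still receive the public address and the hairpin problem the question describes comes straight back.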

Solution 2

You'll need to use the "alias" command to make this work.

See: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

NB!: The ASDM does not support this command, you have to do it by CLI.


Author: Blankman

Updated on September 17, 2022

Comments

  • Blankman
    Blankman over 1 year

    On some links on my HTML page I have a special CSS class; when one of them is clicked, I make an Ajax call to a click.aspx page and track the click.

    <a href="..." class="click" id="blah-1">blah-1</a>

    $(".click").bind("click", function() {
        // send the clicked link's id to the tracking page
        $.get("/click.aspx?source=" + $(this).attr("id"));
    });

    So what is happening is the value of source, after clicking a few links (that open in a new window) becomes:

    source=blah1
    

    then it becomes

    source=blah1,blah2
    
    • pauska
      pauska almost 15 years
      Perhaps this isn't a Cisco PIX or ASA? If so, my answer below might not work for you.
    • Admin
      Admin almost 15 years
      Sorry, I should have said the router is a Cisco 1811. I know the alias command is supported on this router, but from the link provided by Pauska about this command, I understand that DNS Doctoring doesn't seem to be supported on any device other than the ASA/PIX Firewall. Am I right? Destination NAT ("dnat") can also be used apparently, but from what I found I don't think the C1811 supports it either.
    • Roman
      Roman about 14 years
      Would an HTTP POST be more appropriate for this than a GET? At least it would keep the URL from getting cluttered. You could write a custom, lightweight handler that just returns HTTP status 200 when the click has been recorded, instead of running a page through the full page life cycle.
  • tomjedrz
    tomjedrz almost 15 years
    +1 for a better answer than mine!
  • Blankman
    Blankman about 14 years
    I tried that, I think the issue is that the page doesn't load for some of the clicks, since the clicks open in a new browser??