This is where DNS doctoring on the ASA/PIX really comes in handy!

Split DNS is usually the way to go, but I had another thought: can you put the public 203 address as an alias on the server and then set up a policy route-map on your LAN interface to match packets with a destination of your server and port, say something like "permit tcp LAN host 203.1.2.3 eq 80", then put a "set ip next-hop SERVER LAN IP"?


On 17/07/2008, at 2:46 PM, Geyer, Nick wrote:

Hi Everyone,

Just wondering if anyone has come up with a way to hairpin traffic using
a Cisco router? The problem is as follows;

Say for example I have a router connecting to the Internet and an
internal LAN doing normal NAT, e.g.;

203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on
the "outside" interface)

I have an application that talks from clients on the Internet to an
internal server (192.168.1.1), with the appropriate static NATs set up
on the router to forward the traffic. The problem is the internal
clients also need to talk to the server but on the public IP address
(203.1.2.3). The traffic from the internal clients will hit the router
but it won't translate and forward the traffic because it's coming from
the "inside" interface (and the static NAT only works for requests from
the outside interface).

I don't believe it can be done but just thought I would ask in case
anyone has come up with a weird and wonderful way.

Cheers,

Nick Geyer.

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
