Hi Marc,
That's what I usually do as well. In this scenario though an internal DNS server is not an option as all traffic is by IP address not hostname. Its got me stumped and I know Cisco used to say it was not possible, but am just wondering if there is anything new that could be used/manipulated to do this. Cheers ________________________________ From: Marc Archer [mailto:[EMAIL PROTECTED] Sent: Thursday, 17 July 2008 3:25 PM To: Geyer, Nick Cc: [email protected] Subject: Re: [c-nsp] NAT and hairpin's Hi Nick, We had the same problem at work and used DNS to get around it. The only solution we found was to have an second internal DNS that would resolv to the internal IP so that both internal and external users could access the server from a common DNS name. Marc. 2008/7/17 Geyer, Nick <[EMAIL PROTECTED]>: Hi Everyone, Just wondering if anyone has come up with a way to hairpin traffic using a Cisco router? The problem is as follows; Say for example I have a router connecting to the Internet and an internal LAN doing normal NA, e.g; 203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on the "outside" interface) I have an application that talks from clients on the Internet to an internal server (192.168.1.1), with the appropriate static NAT's setup on the router to forward the traffic. The problem is the internal clients also need to talk to the server but on the public IP address (203.1.2.3). The traffic from the internal clients will hit the router but it wont translate and forward the traffic because its coming from the "inside" interface (and the static NAT only works for requests from the outside interface). I don't believe it can be done but just thought I would ask in case anyone has come up with a weird and wonderful way. Cheers, Nick Geyer. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
