cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jessepdx
New Contributor II

routing to secondary ip from internal netwwork

Jump to solution

i have a secondary ip on my wan with for a web server. i have ports 80 and 443 setup with ACL's and in the Public nat destination list

when i try to connect to the public IP of the web server from the Private network, the router connects me to the admin page of the netvanta rather then the web server's websites.

it works fine from outside of my network(the internet). i do need it to respond correctly from inside of my network for testing sites

i'm guessing i need to change the Private policy class, but i'm unsure what to do

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface eth 0/1 overload

  allow list web-acl-22

ip policy-class Public

nat destination list mail1 address 172.17.19.2

ip access-list extended mail1

  permit tcp any  host 67.51.235.144 eq www   log

  permit tcp any  host 67.51.235.144 eq https   log

Labels (3)
0 Kudos
1 Solution

Accepted Solutions
cj_
Valued Contributor
Valued Contributor

Re: routing to secondary ip from internal netwwork

Jump to solution

Hi jessepdx:

Thanks for posting your question in the Support Community.  To my knowledge, this kind of hairpin NAT isn't supported in AOS.  It seems the most efficient approach (even if the hairpin was possible) is for local DNS servers to resolve a given hostname to the internal address, while the external DNS hostname resolves to the external IP address.

Best,

Chris

View solution in original post

0 Kudos
2 Replies
cj_
Valued Contributor
Valued Contributor

Re: routing to secondary ip from internal netwwork

Jump to solution

Hi jessepdx:

Thanks for posting your question in the Support Community.  To my knowledge, this kind of hairpin NAT isn't supported in AOS.  It seems the most efficient approach (even if the hairpin was possible) is for local DNS servers to resolve a given hostname to the internal address, while the external DNS hostname resolves to the external IP address.

Best,

Chris

View solution in original post

0 Kudos
jessepdx
New Contributor II

Re: routing to secondary ip from internal netwwork

Jump to solution

yeah, i just talked to Adtran support. AOS doesn't support hairpin(now i know the correct term for this) NAT.

i'll use DNS to resolve the hostnames to internal IP's.