
NAT or Firewall problem with a Cisco 2811


  • NAT or Firewall problem with a Cisco 2811

    Hello everybody,

    I have a problem setting up a CISCO 2811 router. The configuration of the router is as follows:

    1) Inside Interface 0/0 with IP
    2) Inside Interface 0/1 with IP
    3) Outside interface with IP

    On the Inside Interface 0/1 ( a DMZ is configured and there is only one server (web and e-mail) attached whose IP address is

    On the other interface ( the company's LAN is attached.

    NAT translates
    1) all the internal IPs to and
    2) the web/mail server to an additional public IP

    The problem is that when I'm trying to hit the public IP from a computer that is a member of the company's LAN ( I cannot, although I can hit any other public IP on the Internet. That means that from inside the company's LAN I can't visit the company's web page or receive e-mails when I use the public IP of the server (as POP3/SMTP/HTTP). Because a lot of the employees are using laptops, they need to access their e-mail accounts whether they are inside or outside the company's LAN. So they need to use the public IP of the server without needing to change it to the internal IP when they are attached to the company's LAN.

    Thank you in advance. I would appreciate any help on this problem.


  • #2
    Re: NAT or Firewall problem with a Cisco 2811

    Can they not talk to the DMZ server using the public IP address? Can they communicate with it using the private, network address?

    Assuming they can communicate with the email/web server in the DMZ using the private IP but not the public, here is how I solved this type of issue on my network-
    - create a DNS entry for the email/web server on the DMZ on your internal DNS server with the same name as the external DNS entry for that server. That way, when the laptops are on the internal LAN, they do a DNS lookup with the internal DNS server and it resolves to the private IP. When they are on the Internet and do a DNS lookup, it resolves to the public IP.

    Does that help out?

    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training - Free IT Training Products


    • #3
      Re: NAT or Firewall problem with a Cisco 2811

      Hi Nikos

      You cannot access your public IP that is NATed from the outside to an inside address using the public IP. If you are running Active Directory and have a DNS server, you can set up a DNS pointer to the internal IP of your web and e-mail server.

      Hope this helps


      • #4
        Re: NAT or Firewall problem with a Cisco 2811


        When you ping the public IP of the web/mail server, the PIX will forward the traffic to the router, as it won't know that the traffic is destined for its own NATed IP of the web/mail server.

        In order to have the PIX understand that this traffic is for its own NATed IP, you need to configure the following in the PIX


        You can verify this from the following URL

        Please do let me know the feedback, as it's interesting to know about the status.

        With Best Regards



        • #5
          Re: NAT or Firewall problem with a Cisco 2811

          You need to be running a separate DNS infrastructure internally. Set up the zone on there and substitute internal IPs for external and you'll be good to go. This is sometimes referred to as a "split brain" DNS design.

          Also, you reference your outside interface being 213.5.x.x and the NATed IPs being 212.89.x.x. I'm assuming your upstream is statically routing that 212.89 block down to you or you're speaking BGP to them?
          Brian Desmond
          Microsoft MVP - Directory Services
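
The split-brain DNS setup suggested in replies #2, #3 and #5 only works if every externally published name of the NATed server also has an internal record pointing at a private address. The check below is an added example, not part of any post in this thread: it compares two zone snippets and reports names that inside clients would still resolve to the public IP. The host names, the 203.0.113.x and 192.168.2.x addresses and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample data: placeholder names and addresses, not from the thread.
EXTERNAL_ZONE = """
www   IN A 203.0.113.10
mail  IN A 203.0.113.10
pop3  IN A 203.0.113.10
smtp  IN A 203.0.113.10
vpn   IN A 203.0.113.20
"""
INTERNAL_ZONE = """
www   IN A 192.168.2.10
mail  IN A 192.168.2.10
pop3  IN A 203.0.113.10   ; copied from the external zone by mistake
"""
NAT_PUBLIC_IPS = {ipaddress.ip_address("203.0.113.10")}  # static NAT of the DMZ server

# Explicit RFC 1918 list: ip.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_a_records(zone_text):
    """Return {name: address} for simple 'name [ttl] [IN] A address' lines."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()          # strip zone-file comments
        if len(fields) >= 3 and "A" in fields[1:-1]:
            records[fields[0].lower()] = ipaddress.ip_address(fields[-1])
    return records

def audit_split_dns(external, internal, nat_public_ips):
    """List names that internal clients would still resolve to a NATed public IP."""
    findings = []
    for name, ext_ip in sorted(external.items()):
        if ext_ip not in nat_public_ips:
            continue                                    # not the NATed inside host
        int_ip = internal.get(name)
        if int_ip is None:
            findings.append((name, "missing from internal zone"))
        elif not any(int_ip in net for net in RFC1918):
            findings.append((name, f"internal record is public {int_ip}"))
    return findings

if __name__ == "__main__":
    ext, intl = parse_a_records(EXTERNAL_ZONE), parse_a_records(INTERNAL_ZONE)
    for name, problem in audit_split_dns(ext, intl, NAT_PUBLIC_IPS):
        print(f"{name}: {problem}")
```
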