> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Marc Archer > Sent: Wednesday, July 16, 2008 10:25 PM > To: Geyer, Nick > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] NAT and hairpin's > > > Hi Nick, > > We had the same problem at work and used DNS to get around it. The only > solution we found was to have an second internal DNS that would resolv to > the internal IP so that both internal and external users could access the > server from a common DNS name. >
IOS nat code will rewrite the DNS query if the DNS server is on the outside and the clients are on the inside, so that the clients get the internal number, not the external number. The only caveat is that you have to statically map an outside IP number to the inside IP number, you can't port forward off an overloaded outside interface and have the DNS magic work. Ted _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/