I have a secondary IP on my WAN for a web server. I have ports 80 and 443 set up with ACLs and in the Public NAT destination list.
When I try to connect to the public IP of the web server from the Private network, the router connects me to the admin page of the NetVanta rather than the web server's websites.
It works fine from outside of my network (the internet). I do need it to respond correctly from inside of my network for testing sites.
I'm guessing I need to change the Private policy class, but I'm unsure what to do.
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface eth 0/1 overload
  allow list web-acl-22
ip policy-class Public
  nat destination list mail1 address 172.17.19.2
ip access-list extended mail1
  permit tcp any host 67.51.235.144 eq www log
  permit tcp any host 67.51.235.144 eq https log
Hi jessepdx:
Thanks for posting your question in the Support Community. To my knowledge, this kind of hairpin NAT isn't supported in AOS. It seems the most efficient approach (even if the hairpin was possible) is for local DNS servers to resolve a given hostname to the internal address, while the external DNS hostname resolves to the external IP address.
Best,
Chris
Yeah, I just talked to Adtran support. AOS doesn't support hairpin (now I know the correct term for this) NAT.
I'll use DNS to resolve the hostnames to internal IPs.
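The DNS workaround from the replies, as an added example that was not posted by anyone in the thread: a Python script that reads the configuration from the question, works out which public address is forwarded to which internal address, and lists the hostnames an internal DNS server should answer with the internal address. The hostnames and the 203.0.113.10 address are constructed for illustration.

```python
import re

# Configuration lines as posted in the question.
AOS_CONFIG = """\
ip policy-class Private
allow list self self
nat source list wizard-ics interface eth 0/1 overload
allow list web-acl-22
ip policy-class Public
nat destination list mail1 address 172.17.19.2
ip access-list extended mail1
permit tcp any host 67.51.235.144 eq www log
permit tcp any host 67.51.235.144 eq https log
"""

# Constructed public DNS records (hostnames and the second address are made up).
PUBLIC_DNS = {"www.example.test": "67.51.235.144",
              "other.example.test": "203.0.113.10"}

def port_forwards(config):
    """Return {public_ip: internal_ip} for every 'nat destination list' entry."""
    nat, acls, current = {}, {}, None   # ACL name -> inside addr / public hosts
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"nat destination list (\S+) address (\S+)", line)
        if m:
            nat[m.group(1)] = m.group(2)
            continue
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = m.group(1)
            acls.setdefault(current, set())
            continue
        m = re.match(r"permit \S+ any host (\S+)", line)
        if m and current:
            acls[current].add(m.group(1))
        elif line.startswith("ip "):
            current = None              # left the access-list block
    return {pub: inside for name, inside in nat.items()
            for pub in acls.get(name, ())}

def internal_overrides(public_dns, forwards):
    """Hostnames whose public IP is port-forwarded, mapped to the inside address."""
    return {h: forwards[ip] for h, ip in public_dns.items() if ip in forwards}

if __name__ == "__main__":
    # Print hosts-file style lines for the internal resolver.
    for host, addr in internal_overrides(PUBLIC_DNS, port_forwards(AOS_CONFIG)).items():
        print(f"{addr}\t{host}")
```

Hostnames that do not point at a forwarded public address are left out, so they keep resolving through public DNS.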