Understanding ip nat outside Rules

One of my customers has a separated network within their internal network. Mobile devices (Android Phones, iPhones, etc.) are connected to a consumer access point which is connected behind the Cisco Router 876:

 

 

 

The Traveler service is also rechable via internet (configured with PAT pointed to the Traveler server). In the past, the mobile clients which are connected to the wireless network, where using the Cisco 876 Gateway (172.16.23.1) as their DNS Server, configured with static DNS-Hosts for the IBM Traveler Service:

ip host traveler.company.com 192.168.23.10

I granted access to the Traveler service from subnet 172.16.23.0 /24. But after some testing weeks they discovered, that the Android Phones have problems when they change from wireless to 3G mobile network: The DNS entry for “traveler.company.ch” still remains in the cache of the phones, pointed to the private address, so we need to configure the static DNS host on the Cisco Router 876 to the public IP address:

ip host traveler.company.com 80.60.50.40

After this we need to use ip nat outside command to change the packet destination at the Cisco 876 Router, because we can’t connect to the public IP address of the Cisco 2821 Router router (we are coming from the internal “ip nat inside” interface and can’t access the public nat rules on the “ip nat outside” interface). We will configure an “ip nat outside” rule:

ip nat outside source static 192.168.23.10 80.60.50.40

The client (in this example an Android Phone) wants to connect to the server “traveler.company.ch” (80.60.50.40). The “ip nat outside” command causes that the destination packets are changed from 80.60.50.40 to 192.168.23.10. So when the Android Phone changed from wireless to 3G network, the DNS cache entry keeps the same and they get no errors any more.

 

Feel free to discuss in the comments 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.