Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URL to point to an internal IP address of our webserver

AnthonyMaddick
Here to help
‎Apr 30 2023 11:03 PM
‎Apr 30 2023 11:03 PM

URL to point to an internal IP address of our webserver

Hi Team, 

We have a requirement that i cannot seem to find a solution to. We have site to site VPN's configured (1 hun and 3 spokes) We have a server running some VM servers at the HUB site and have some webapps on a server with ip ending in .23 . We need to have the internal computers resolve a URL xxx.xxx.xx.cloud:8061 to the internal ip ending in .23. 

Currently, the external ISP DNS resolves the URL to our WAN IP address and we have a port forward in place to get to the server but our webapps support are claiming it is not right.  

 

Is there any internal process that can resolve the url to our internal IP.  The webapps do not need to be accessed externally either. 

Regards

0 Kudos
Subscribe
6 Replies 6
AnthonyMaddick
Here to help
‎Apr 30 2023 11:04 PM
‎Apr 30 2023 11:04 PM

our webapps support are mentioning snat or dnat maybe but that all seems external 

0 Kudos
Subscribe
Brash
Kind of a big deal
Kind of a big deal
‎May 1 2023 4:32 AM
‎May 1 2023 4:32 AM

You would need an internal DNS server that you can point your devices to. You can then have that DNS server resolve the URL to the local IP address.

Subscribe
AnthonyMaddick
Here to help
‎May 1 2023 5:46 PM
‎May 1 2023 5:46 PM

Thanks Brash, 

I will check with the Webapps team regarding a simple DNS change to point the url. 

They provided me with this 

 

 

 

Can you please update the firewall as below and advise once completed?

 

 

AnthonyMaddick_0-1682988348747.png

 

0 Kudos
Subscribe
In response to AnthonyMaddick
Brash
Kind of a big deal
Kind of a big deal
‎May 3 2023 4:42 PM
‎May 3 2023 4:42 PM

This sounds like they're keeping the DNS resolving to the external IP address but are wanting to implement a hairpin rule on the firewall.

This can work in general and provides some security advantages, but you'll need to evaluate whether that's more preferred than pointing the internal hosts directly to the internal server.

 

0 Kudos
Subscribe
In response to Brash
AnthonyMaddick
Here to help
‎May 9 2023 11:32 PM
‎May 9 2023 11:32 PM

Hi Brash, 

I beleive thats what they are wanting and are not giving me much of an option at all. 

Do you know how i would go about that hairpin rule? will i need that DNAT enabled?

0 Kudos
Subscribe
In response to AnthonyMaddick
Brash
Kind of a big deal
Kind of a big deal
‎May 10 2023 4:29 AM
‎May 10 2023 4:29 AM

Yes, you can configure a hairpin rule utilizing 1:1 or 1:Many NAT on the Meraki MX gateway.

 

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24268

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.