Controllerless Networks

Hi all,

My company uses AP105s with virtual controller assigned IPs.

Users can access secure mail on their wireless device via cellular Internet service.

The mail service is Natted 65.x.x.x to 208.x.x.x. on the external router

When users connect to the AP105's WiFi on the internal network, they cannot access

the mail service. So I take it a NAT loopback is not allowed on the external router?

Can I create a static route on the AP105s to resolve this?

I've attached simple diagram to illustrate.

Thanks!

Are your clients resolving the 65.x.x.x IP for the mail server rather than the 208.x.x.x address?  If so, you could setup a rule on your user role that will destination NAT your requests to the internal IP (208.x.x.x) rather than the resolvable external 65.x.x.x.

The following shows all traffic for the host destination NAT'd; but you could get more granular.

Clembo,

Thank you very, very much for the reply.

What you said and illustrated is exactly what I need to do, but I don't see any

option on the AP105s to do so.

The rules only have  Allow/Deny a service to a server or network.

I don't see any that allow a re-route/redirect.

Your illustration looks more advanced that what I have when I go to the rules.

I've attached a pic showing an example of what I see.

I'm on OS 6.1.2.3-2.0.0.3_31389.

Do I need an OS upgrade to get those redirect options perhaps?

Thanks

You'll need to upgrade to a newer Instant OS.   I don't know what version introduced those features.

Clembo,

OK, I will upgrade and respond back.

Thanks!

Clembo,

The IOS devices can access the server internally now. Our vendor worked with us.

It was still a good idea to upgrade the OS though and I did so.

I added appropriate allow/port rules and it's working now.

Thanks!