We are trying to configure hairpinning on our Cisco 887VA VDSL router, so all LAN users can connect to the server using SMTP port 25 which is also in the same LAN subnet, using external router address, which is assigned to dialer1 interface.
Traffic coming in from outside works fine.
Traffic coming from outside to 184.108.40.206:25 goes through fine, but LAN users are unable to connect to 220.127.116.11:25
When we run tcpdump on the server on port 25 nothing happens. The traffic is not going through. We have also noticed in debug ip packet is this line:
s=18.104.22.168 (Vlan1), d=192.168.101.200 (Vlan1), len 52, rcvd local pkt
We have encountered the same connectivity issues with the NVI NAT configuration if the addresses we translated into were actually located in the directly connected networks of the router. What helped, after a tedious search, was to configure no ip redirects on the egress ('outside'-alike) interfaces. There are some strange interactions with the ICMP redirect mechanism and we stumbled across this workaround.
Can you add the no ip redirects command to all your IP-enabled interfaces, i.e. E0.101, Vlan1 and Dialer1? Even if it turns out to not solve your issue, it should not do any harm (basically, this command stops sending the ICMP Redirect messages and should allow the router to hairpin any streams).
Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.