A network engineer is configuring NAT on a Cisco router to allow internal hosts to access the internet. The engineer uses the command ip nat inside source static tcp 192.168.1.10 80 203.0.113.1 80. After testing, external users can access the internal web server using the public IP. However, internal hosts cannot access the web server using the public IP. What is the most likely cause?
Correct because by default, Cisco routers do not perform NAT for traffic that enters and leaves the same interface (inside-to-inside). This requires the ip nat enable route-map or similar configuration.
Why this answer
This is a classic NAT hairpinning issue. When an internal host tries to reach the public IP of the server, the router may not support or be configured for NAT reflection (hairpinning), so the packet is not translated correctly.