cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
680
Views
0
Helpful
8
Replies

How to translate this

cisconoobie
Level 2
Level 2

I have a webserver that is on my inside network. I created a NAT that translates a public Ip to inside Ip and it works great.

The only problme I have is that I cannot access from inside the Public IP of the internal webserver. How do I setup this reverse translation?

1 Accepted Solution

Accepted Solutions

There are 2 good options here

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#

If you are using an external dns server, the first option will work well, dns doctoring. The second option is hairpinning, which will allow the traffic to enter and exit the inside interface with a static nat.

View solution in original post

8 Replies 8

acomiskey
Level 10
Level 10

There are a few solutions for this but depends on what code you're running, is this pix or asa?

You can edit the HOST file on your machine to point to inside address. You can do dns doctoring if using an external dns server. You can do hairpinning if you are running code 7.

Asa version 7.2

Asa version 7.2

There are 2 good options here

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#

If you are using an external dns server, the first option will work well, dns doctoring. The second option is hairpinning, which will allow the traffic to enter and exit the inside interface with a static nat.

ok use these commands :-

same-security-traffic permit intra interface

static (inside,inside)

cl xlate

cl loc

!!! Just be careful running the "cl xlate" command in a production environment. That could really impact your current traffic and cause the phones to ring.

were the commands helpful..?

glad I could help!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: