10-01-2007 11:48 AM - edited 03-11-2019 04:18 AM
I have a quick question. Can the ASA 7.2 code support the following setup. There is a web server in the DMZ and has a public IP that is NAT'ed to a public IP address. We have internal users that need to access this server via it's external IP address instead of the DMZ IP. Is this possible with the ASA? I know it was not with the Pix 500 and ver 6.3 code.
Solved! Go to Solution.
10-01-2007 12:02 PM
Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.
Here is an easy and good way to do it, other than dns doctoring....destination nat.
static (dmz,inside)
10-01-2007 11:52 AM
Hi
Yes you can do this with either DNS doctoring or hairpinning which is new to v7.x code.
Attached is a document that covers both solutions.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
HTH
Jon
10-01-2007 12:02 PM
Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.
Here is an easy and good way to do it, other than dns doctoring....destination nat.
static (dmz,inside)
10-01-2007 12:51 PM
As jon said you may also want to consider dns doctoring.
With the destination nat method above, you probably won't be able to contact the dmz server with it's dmz address after you add that static statment.
10-01-2007 12:55 PM
That is ok, we do not need to access the DMZ IP. This solution works for us. Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: