cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
461
Views
4
Helpful
4
Replies

Access DMZ server from Inside with outside NAT IP

chucktiede
Level 1
Level 1

I have a quick question. Can the ASA 7.2 code support the following setup. There is a web server in the DMZ and has a public IP that is NAT'ed to a public IP address. We have internal users that need to access this server via it's external IP address instead of the DMZ IP. Is this possible with the ASA? I know it was not with the Pix 500 and ver 6.3 code.

1 Accepted Solution

Accepted Solutions

Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.

Here is an easy and good way to do it, other than dns doctoring....destination nat.

static (dmz,inside) netmask 255.255.255.255

View solution in original post

4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

Hi

Yes you can do this with either DNS doctoring or hairpinning which is new to v7.x code.

Attached is a document that covers both solutions.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

HTH

Jon

Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.

Here is an easy and good way to do it, other than dns doctoring....destination nat.

static (dmz,inside) netmask 255.255.255.255

As jon said you may also want to consider dns doctoring.

With the destination nat method above, you probably won't be able to contact the dmz server with it's dmz address after you add that static statment.

That is ok, we do not need to access the DMZ IP. This solution works for us. Thank you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: