10-14-2007 05:27 PM - edited 03-11-2019 04:25 AM
Hi,
I meet one issue by using ASA5550.
There are 2 interfaces which is configured in firewall, one is acted as inside and other is acted as outside. I configured static PAT from outside to inside and map one public address to internal e-mail server and dynamic PAT frame inside to outside.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 212.x.x.1 https 10.x.x.1 https netmask 255.255.255.255
212.x.x.1 is public address which present e-mail server in public network
10.x.x.1 is private address which is e-mail server in private(inside) network
ip address of outside interface is 219.x.x.2/252
1, when I access e-mail server from public network ,it work fine; when I access e-mail server in inside network by using private address 10.x.x.1, it work fine
2, But when I access e-mail server in private(inside) network by using public address 212.x.x.1, it can not work.
I don't know why it is. pls help me to check it.
Thanks
Jun Xu
Solved! Go to Solution.
10-14-2007 07:08 PM
you need enabling DNS doctoring or hairpining, refer to this link for more details.
HTH
Jorge
10-14-2007 07:08 PM
you need enabling DNS doctoring or hairpining, refer to this link for more details.
HTH
Jorge
10-14-2007 10:32 PM
Hi Jorge
Thanks for your reply!
That is good method to solve issue of some applications which used DNS to get ip address. But if some application use public ip address of e-mail server to access in inside world, the problem will be occurred. In customer site , some users just do like this.
How can we solve?
Thanks
Jun
10-15-2007 06:30 AM
Jun, go over this thread as there is a conversation on exactly your issue.. you are still looking a hairpinning.
10-15-2007 07:44 AM
same-security-traffic permit intra-interface
static (inside,inside) tcp 212.x.x.1 https 10.x.x.1 https netmask 255.255.255.255
global (inside) 1 interface
nat (inside) 1 0 0
10-17-2007 09:15 PM
it is good solution in my customer site.
Thanks all of your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide