Hairpinning

BrianPearce · ‎01-09-2008

I have a Linux server inside the firewall. Just purchased and installed ASA5505 bundle with Smartnet.

The Linux server sends backup result messages to our Exchange server. It does this by accessing an external port/IP address. This no longer works since upgrading to ASA5505. I have searched every mutt, sendmail, etc that I can on the Linux box. Any advise would be greatly appreciated.

Thanks.

Collin Clark · ‎01-09-2008

You need to add another static in your ASA. Here's a link for reference. If you still have questions, let us know.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html

HTH and please rate.

BrianPearce · ‎01-09-2008

Thanks very much for the link.

I have passed this on, as this is starting to get outside of my realm.

Regards,

Brian

Richard Burts · ‎01-09-2008

Brian

I can not tell from your post whether you have configured the ASA to permit it to forward traffic back out the same interface on which it was received. By default the ASA does not do this. To configure it you would use this command:

same-security-traffic permit intra-interface

HTH

Rick

HTH

Rick

acomiskey · ‎01-09-2008

This should do it. It may look slightly different depending upon your current configuration.

same-security-traffic permit intra-interface

global (inside) 1 interface

nat (inside) 1 0 0

static (inside,inside) netmask 255.255.255.255

BrianPearce · ‎01-09-2008

Thanks very much for the reply.

We will be testing this over the next day or so.

Regards,

Brian

BrianPearce · ‎01-09-2008

Thanks Rick.

I will be looking into all of this in the next day or so.

Regards,

Brian