How can I get LAN users to use "outside" IP's of ASA

Unanswered Question
Jun 11th, 2008
User Badges:


We have an ASA 5520 fireall with 20 public IP's which NAT'd to various web servers on the DMZ.

The thing is the internal LAN users can access them by typing in the internal IP of the server, but is it possible to treat the servers like an external company so if they type the public IP of FQDNS then it will be resolved?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

The easiest way to do this is if you are running your own internal DNS that forwards outbound. Just add FQDN records pointing to you internal ips. When an internal user types it would resolve to the internal ip and route accordingly.

This would only work if you had internal DNS, but also had an external DNS server hosting your public resources.

acomiskey Wed, 06/11/2008 - 07:12
User Badges:
  • Green, 3000 points or more

static (dmz,inside) netmask


This Discussion