Cisco ASA: How can I access the translated public IP from the inside?

Unanswered Question
Dec 19th, 2008
User Badges:

Hello everyone, I have encountered this problem many times with the Cisco ASA and want to know how I can fix this this.


Here is the issue ...


We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.


From the outside when you put in X.X.X.X in your web browser it works.


Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.


Using a Linksys router works! But with a Cisco ASA it does not work! If I use the private IP it works of coarse.


Is there something I need to configure on the Cisco ASA to fix this where if I use the Public IP internally it will still work? Any sample configuration?


Thanks in advanced!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Mo'ath Al Rawashdeh Mon, 12/22/2008 - 00:35
User Badges:
  • Bronze, 100 points or more

Hi,


You can place the webserver in its own DMZ.


In this case, all users who try to connect (from inside and outside) will use its public IP address.


regards,

JORGE RODRIGUEZ Wed, 12/24/2008 - 11:26
User Badges:
  • Green, 3000 points or more

Rashida,


Andrew prety much told you how to do it, and in addition to previous poster.




We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.


From the outside when you put in X.X.X.X in your web browser it works.


Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.




Simply do this in the firewall , HAIRPINING , given that your inside interface if_name argument is called inside


same-security-traffic permit intra-interface

static (inside,inside) < X.X.X.X > netmask <32_bit_mask>



if u happen to place your webserver in a DMZ environment and want from inside to access webserver localted

in DMZ via public IP address


you will need

same-security-traffic permit intra-interface

static (DMZ,inside) < X.X.X.X > netmask <32_bit_mask>


From withing DMZ host to access webserver via public IP , provided you have an inbound acl for your

outside interface allowing access to X.X.X.X on port 80



same-security-traffic permit intra-interface

static (DMZ,DMZ) < X.X.X.X > netmask <32_bit_mask>


Regards

PLS rate helpful posts if it helps



Actions

This Discussion