10-02-2009 08:31 AM
Hello,
I've an ASA with a DMZ on which the CSS is connected.
Outside users connect to a public IP address which is statically NAT'd to the VIP on the CSS.
All is working well, but the customer wants to be able to use the public IP address (or DNS) from the inside network of the ASA.
Is this possible, as the traffic would need to go inside to outside then outside to DMZ and back?
any help appreciated
Cheers Tony
Solved! Go to Solution.
10-02-2009 09:12 AM
Tony, this is pretty simple actually.
If your existing static looks something like this for access from the outside...
static (dmz,outside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255
all you have to do is add this static
static (dmz,inside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255
Then anyone on the inside going to 1.1.1.1 will be sent do 2.2.2.2 in the dmz.
10-02-2009 09:12 AM
Tony, this is pretty simple actually.
If your existing static looks something like this for access from the outside...
static (dmz,outside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255
all you have to do is add this static
static (dmz,inside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255
Then anyone on the inside going to 1.1.1.1 will be sent do 2.2.2.2 in the dmz.
10-02-2009 10:02 AM
Hello Acomiskey,
Thanks for your reply, you know... I've been configuring PIX firewalls (since 5.1, ASAs and FWSM, for hundreds of years now, L2L VPNs, SSL VPNs, RA, CSSs and even the odd CSM.
I did a 10 interface ASA using VLANs last month, that actually hurts!
But every now and again, I get a mental block and have to start the learning process all over again.
Is it just me? :-)
Thanks for your help, its now working, I'll happily provide a 5 rating
Cheers Tony
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: