NAT help

Unanswered Question
Dec 14th, 2009

Hello,

We have an internal webserver which is available from the internet via a public IP using a static NAT.  This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server?  It will save them lots of re-programming apparently, is this possibe?

So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Andy White Mon, 12/14/2009 - 06:44

Would a NAT work, I looked at you link and it looks very similar to a NAT.

I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:

info example:

interfaces:

inside (192.168.1.1)

outside (100.100.100.1)

VLAN1 (172.25.1.x)

VLAN2 (192.168.15.x)

Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server.  We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP.  I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.

I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?

Actions

This Discussion