NAT help

Andy White
Level 3

Hello,

We have an internal webserver which is available from the internet via a public IP using a static NAT. This server sits in its own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server. It will save them lots of re-programming, apparently. Is this possible?

So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NATs to this internal IP?

2 Replies

krishnadas.R_2
Level 1

Hi,

ASA won't allow port redirection, so you may need to use the DNS doctoring feature. If accessing the server via the internal IP address meets your needs, then you may want to try DNS doctoring.


Would a NAT work? I looked at your link and it looks very similar to a NAT.

I tried to do a static NAT, but the packet trace showed the traffic going out to the internet, which I don't want happening:

info example:

interfaces:

inside (192.168.1.1)

outside (100.100.100.1)

VLAN1 (172.25.1.x)

VLAN2 (192.168.15.x)

Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server. We want VLAN2 to be able to contact 100.100.100.2 and not go out on the global IP. I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.

I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?
