12-14-2009 03:25 AM - edited 03-11-2019 09:48 AM
Hello,
We have an internal webserver which is available from the internet via a public IP using a static NAT. This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server? It will save them lots of re-programming apparently, is this possibe?
So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?
12-14-2009 04:42 AM
12-14-2009 06:44 AM
Would a NAT work, I looked at you link and it looks very similar to a NAT.
I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:
info example:
interfaces:
inside (192.168.1.1)
outside (100.100.100.1)
VLAN1 (172.25.1.x)
VLAN2 (192.168.15.x)
Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server. We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP. I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.
I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide