IPhone push and ASA

Unanswered Question
May 5th, 2010
User Badges:

my exchange fo is in the DMZ 192.168.1.25 and it has an external ip of 209.X.X.X

I want my iphone users to be able to hit the external IP from inside my network. my asa /security kung fu is not strong


How can I let traffic from my inside int to the external ip ? at this time hairpinning is not allowed and I would only like to allow only that ip to be accessed internaly


The security levels for the ints are all different so the same-security-traffic permit intra-interface  command will not work

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Wed, 05/05/2010 - 15:00
User Badges:
  • Green, 3000 points or more

Hi,


Let's say you have this:


Inside network: 1.1.1.0/24

DMZ network: 2.2.2.0/24

Outside network 3.3.3.0/24


So, there's a NAT for the DMZ's server:

static (dmz,out) 3.3.3.10 2.2.2.10


In order for the Internal LAN to access the DMZ server using its public address, you do the following:


static (dmz,in) 3.3.3.10 2.2.2.10


Federico.

Actions

This Discussion