IPhone push and ASA

Unanswered Question
May 5th, 2010
User Badges:

my exchange fo is in the DMZ and it has an external ip of 209.X.X.X

I want my iphone users to be able to hit the external IP from inside my network. my asa /security kung fu is not strong

How can I let traffic from my inside int to the external ip ? at this time hairpinning is not allowed and I would only like to allow only that ip to be accessed internaly

The security levels for the ints are all different so the same-security-traffic permit intra-interface  command will not work

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Wed, 05/05/2010 - 15:00
User Badges:
  • Green, 3000 points or more


Let's say you have this:

Inside network:

DMZ network:

Outside network

So, there's a NAT for the DMZ's server:

static (dmz,out)

In order for the Internal LAN to access the DMZ server using its public address, you do the following:

static (dmz,in)



This Discussion