06-28-2010 07:20 AM - edited 03-11-2019 11:04 AM
All,
I have a guest wireless subnet that's only allowed access to the outside world and that's it. A problem came up today that required a user in the company to be able to get to a hosted server on the LAN. A static NAT exists for everyone on the outside to get to the server, so the thought was that they would connect to the guest wireless and then get to the hosted server via its public address. This didn't work, but I think it's because the traffic is going through the ASA as NATed and then coming back out again, making it look like the packet is being spoofed. Is that correct, and is there a way around it?
Thanks,
John
06-28-2010 08:53 AM
John,
There are a hundred ways this could have failed, depending on configuration ...
Easiest way to check - enable logging on informational level, run a test, and check "show logg | i IP_ADDR_OF_SOURCE_OR_DESTINATION"
My GUESS is it will be something related to translations or ACLs ...
You can create a static translation from LAN to wifi interface with public IP address.
Elegant solutions include:
- IPsec VPN to access LAN resources from wifi
- DNS rewrite via "dns" keyword on static.
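The log check suggested in the reply above, as an added example that is not part of the original thread: a small triage script that sorts ASA syslog drops for one address into the hypotheses raised here (spoof check, ACL, missing translation). The message IDs are standard ASA syslog IDs; the interface names, addresses and sample lines are constructed and are not output from the poster's firewall.

```python
import re

# ASA syslog message IDs that map to the hypotheses discussed in this thread.
CAUSES = {
    "106016": "anti-spoofing drop (Deny IP spoof)",
    "106021": "reverse-path check drop (ip verify reverse-path)",
    "106023": "denied by interface ACL (access-group)",
    "305005": "no translation rule for this interface pair",
}
MSG = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")

def triage(lines, ip):
    """Return [(message_id, cause, text)] for drop messages that mention ip."""
    # Lookarounds stop 10.10.10.5 from also matching 10.10.10.50.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)")
    hits = []
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue
        _level, msg_id, text = m.groups()
        if msg_id in CAUSES and ip_re.search(text):
            hits.append((msg_id, CAUSES[msg_id], text))
    return hits

def summarize(hits):
    """Count hits per cause so the dominant failure reason stands out."""
    counts = {}
    for _msg_id, cause, _text in hits:
        counts[cause] = counts.get(cause, 0) + 1
    return counts

# Constructed sample lines (guest client 10.10.10.5, public server address 198.51.100.20).
SAMPLE = """\
Jun 28 2010 07:31:02: %ASA-6-302013: Built outbound TCP connection 4412 for outside:203.0.113.9/80 (203.0.113.9/80) to guest:10.10.10.5/51500 (198.51.100.1/51500)
Jun 28 2010 07:31:10: %ASA-3-305005: No translation group found for tcp src guest:10.10.10.5/51514 dst outside:198.51.100.20/443
Jun 28 2010 07:31:13: %ASA-3-305005: No translation group found for tcp src guest:10.10.10.5/51514 dst outside:198.51.100.20/443
Jun 28 2010 07:31:20: %ASA-4-106023: Deny tcp src guest:10.10.10.50/51600 dst inside:192.168.1.20/443 by access-group "guest_in" [0x0, 0x0]
""".splitlines()

if __name__ == "__main__":
    for cause, n in summarize(triage(SAMPLE, "10.10.10.5")).items():
        print(f"{n:3d}  {cause}")
```

Feed it the buffered log saved to a file; if only 305005 shows up for the test client, the fix is on the translation side rather than the ACL or spoof checks.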
06-29-2010 12:57 PM
You may be able to get this to work using hairpinning. I did something similar recently and though it's a little tricky, it's not impossible. Take a look at this: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#solution2