Allow egress traffic on an outside interface back in the same interface

Unanswered Question
Jun 30th, 2010

Our web site is hosted on our internal network (not on a DMZ).  Attempting to contact it from the INSIDE network, through our ASA5510 at its DNS-acquired public internet address, fails.  Access to this site from OUTSIDE works.  Both "same-security-traffic permit inter-interface" and "same-security-traffic permit intra-interface" are configured.  Do I need a static route? If so, how is this configured?  Thanx!

Kureli Sankar (Cisco Employee) Wed, 06/30/2010 - 12:47

You only need intra-interface.

You need static (inside,inside)

for the host that is trying to load the page using the public address, and also

static (inside,inside) public_IP_of_webserver private_ip_webserver

BTW, the correct way to do this is to access the server using its private address from the inside and not the translated address.
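Added example, not part of the reply above and not Cisco code: a small Python model of one hairpinned TCP handshake, showing why the client needs a translation as well as the server. All addresses are constructed, and the model assumes the firewall is the default gateway for both hosts.

```python
import ipaddress

def hairpin_result(client, server_private, server_public, fw_inside,
                   inside_net, translate_dest, translate_source):
    """Model a SYN / SYN-ACK exchange hairpinned through the firewall's inside interface.

    Returns "established", "dropped_no_translation" or "rejected_by_client".
    """
    net = ipaddress.ip_network(inside_net)
    client, server_private, server_public, fw_inside = (
        ipaddress.ip_address(a)
        for a in (client, server_private, server_public, fw_inside))

    # 1. The client sends a SYN to the public address. That address is
    #    off-subnet, so the packet goes to the firewall's inside interface.
    syn = {"src": client, "dst": server_public}

    # 2. Without a public-to-private translation on the inside interface
    #    the firewall has nowhere to send the packet.
    if not translate_dest:
        return "dropped_no_translation"
    syn["dst"] = server_private
    if translate_source:
        # The client is hidden behind the firewall's own inside address.
        syn["src"] = fw_inside

    # 3. The server answers whatever source address it saw.
    reply = {"src": server_private, "dst": syn["src"]}
    # The reply crosses the firewall only if it is addressed to the firewall
    # or to a host outside the server's subnet (sent to the default gateway).
    via_firewall = reply["dst"] == fw_inside or reply["dst"] not in net
    if via_firewall:
        # The firewall reverses the translations on the way back.
        reply = {"src": server_public, "dst": client}

    # 4. The client accepts a SYN-ACK only from the address it sent the SYN to.
    return "established" if reply["src"] == server_public else "rejected_by_client"

# Constructed sample addresses (documentation / private ranges).
SAMPLE = dict(client="192.168.1.50", server_private="192.168.1.10",
              server_public="203.0.113.10", fw_inside="192.168.1.1",
              inside_net="192.168.1.0/24")

if __name__ == "__main__":
    for dest, source in [(False, False), (True, False), (True, True)]:
        print(dest, source, hairpin_result(**SAMPLE, translate_dest=dest,
                                           translate_source=source))
```

With only the server translation and both hosts on one subnet, the server's reply goes straight to the client from the private address and is rejected; translating the client's source forces the reply back through the firewall.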


pootboy69 Wed, 06/30/2010 - 12:57

Excellent!  BTW, as I am the newbie here, I didn't know the inside web server address.  It turns out that this type of issue has been bugging these folks for a while.  I'll implement this and let you know the results.  Thank you!


pootboy69 Wed, 06/30/2010 - 14:34

Well, that didn't work.  I applied:

static (in_Laker,in_Laker)
static (in_Laker,in_Laker)

where is my machine, 192..168.1.232 is the outside and the inside IP of the web server.  in_Laker is the name of the inside interface.  Any additional thoughts?  Thanx!


