Allow egress traffic on an outside interface back in the same interface

Unanswered Question
Jun 30th, 2010

Our web site is hosted on our internal network (not on a DMZ).  Attempting to contact it from the INSIDE network, through our ASA5510 at its DNS-acquired public internet address fails.  Access to this site from OUTSIDE works.  Both "same-security-traffic permit inter-interface", and "same-security-traffic permit intra-interface" are configured.  Do I need a static route? If so, how is this configured?  Thanx!

Kureli Sankar Wed, 06/30/2010 - 12:47

You only need intra-interface.


You need static (inside,inside) 10.10.10.1 10.10.10.1


for the host that is trying to load the page using the public address, and also


static (inside,inside) public_IP_of_webserver private_ip_webserver


BTW, the correct way to do this is to access the server using its private address from the inside and not the translated address.


-KS

pootboy69 Wed, 06/30/2010 - 12:57

Excellent!  BTW, as I am the newbie here, I didn't know the inside web server address.  It turns out that this type of issue has been bugging these folks for a while.  I'll implement this and let you know the results.  Thank you!


Wolf

pootboy69 Wed, 06/30/2010 - 14:34

Well, that didn't work.  I applied:

static (in_Laker,in_Laker) 10.10.30.208 10.10.30.208
static (in_Laker,in_Laker) 192.168.1.232 10.10.30.156

where 10.10.30.208 is my machine, 192.168.1.232 is the outside and 10.10.30.156 the inside IP of the web server.  in_Laker is the name of the inside interface.  Any additional thoughts?  Thanx!


Wolf
