06-30-2010 12:35 PM - edited 03-11-2019 11:05 AM
Our web site is hosted on our internal network (not on a DMZ). Attempting to contact it from the INSIDE network, through our ASA5510 at its DNS-acquired public internet address fails. Access to this site from OUTSIDE works. Both "same-security-traffic permit inter-interface", and
"same-security-traffic permit intra-interface" are configured. Do I need a static route? If so, how is this configured? Thanx!
06-30-2010 12:47 PM
You only need intra-interface.
You need static (inside,inside) 10.10.10.1 10.10.10.1
for the host that is trying to load the page using the public address. and also
static (inside,inside) public_IP_of_webserver private_ip_webserver
BTW, the correct way to do this is to access the server using it private address from the inside and not the translated address.
-KS
06-30-2010 12:57 PM
Excellent! BTW, as I am the newbie here, I didn't know the inside web server address. It turns out that this type of issue has been buggeing these folks for a while. I'll implement this and let you know the results. Thank you!
Wolf
06-30-2010 02:34 PM
Well, that didn't work. I applied:
static (in_Laker,in_Laker) 10.10.30.208 10.10.30.208
static (in_Laker,in_Laker) 192.168.1.232 10.10.30.156
where 10.10.30.208 is my machine, 192..168.1.232 is the outside and 10.10.30.156 the inside IP of the web server. in_Laker is the name of the inside interface. Any additional thoughts? Thanx!
Wolf
07-02-2010 01:28 PM
maybe you are better of with this solution (depending on the location of your DNS)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
btw you should change the puplic IP address in your last post.
Cheers Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide