ASA 5505 outside IP address overlap with inside

Jul 13th, 2010

This is our situation. On the outside interface we have  ip add which we translated in ip add on inside interface. Also this host on LAN has secondary address How to configure on ASA when internal clients ping or access to  use it on inside interface not going to outside. Note: other similar devices use alias command. Is it possible to configure on ASA?

Any help!

August Ritchie Wed, 07/21/2010 - 10:38


It looks like what you are wanting to do is a u-turn/hairpinning. This is also assuming you are running 8.2 or earlier.

From what I gather you need to ping a device with two IP addresses:

1. To its primary IP (This works now I assume)

2. To its secondary IP (This does not work, again assumption)

But the problem right now is that you don't want it to take the default route outside when pinging.

For the sake of example, let's say is on the inside and we want to u-turn on this interface.

Here is the configuration we would need.

same-security-traffic permit intra-interface //This allows us to go from inside to inside

nat (inside) 1 //Most configurations already have this just make sure that the nat ID (1 in this case) matches the global below

global (inside) 1 interface //This allows the ASA to act as a proxy between the hosts to avoid asymmetric routing

static (inside,inside) netmask // This is used to do identity destination NAT

You can see another example of this configuration below
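
An added example, not part of the original thread or any Cisco tooling: a small Python check that a pre-8.3 ASA configuration contains the four hairpin statements listed above and that the nat ID on the interface matches a global on the same interface. The function name check_hairpin and the sample configuration (including all addresses) are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 syntax; every address is a placeholder.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
global (inside) 1 interface
static (inside,inside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
"""

def check_hairpin(config, ifc="inside"):
    """Return a list of findings; an empty list means the statements line up."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    name = re.escape(ifc)

    def ids(keyword):
        # Collect the NAT IDs used by 'nat (ifc) N ...' or 'global (ifc) N ...'.
        rx = re.compile(r"^%s \(%s\) (\d+)\b" % (keyword, name))
        return {m.group(1) for l in lines if (m := rx.match(l))}

    findings = []
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("intra-interface traffic is not permitted")
    # NAT ID 0 is identity NAT / NAT exemption and never pairs with a global.
    nat_ids = ids("nat") - {"0"}
    if not nat_ids:
        findings.append("no dynamic nat (%s) rule" % ifc)
    elif not nat_ids & ids("global"):
        findings.append("no global (%s) shares a NAT ID with nat (%s)" % (ifc, ifc))
    if not any(re.match(r"^static \(%s,%s\) " % (name, name), l) for l in lines):
        findings.append("no static (%s,%s) translation" % (ifc, ifc))
    return findings

if __name__ == "__main__":
    print(check_hairpin(SAMPLE_CONFIG) or "hairpin statements are consistent")
```

Because same-security-traffic permit intra-interface is a global setting, it is worth reviewing what else can now turn around on the same interface once the check passes.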

