I've run into a problem with an ASA5510. Basically what I need to do is allow traffic from one NAT'd address to another NAT'd address on the same external interface.
So I have a client PC on an internal network and it initiates a call (on port 80) to an external IP address. But that external IP address is in fact a static NAT address being translated on that same external interface (the back-end IP is a load-balanced web server pool).
How do I allow that access?
Thanks for any input,
8.3.1... tricky tricky... Here is something that may work in that situation:
object network host_A_internal
object network host_A_external
object network host_B_internal
object network host_B_external
nat (internal,internal) source static host_A_internal host_A_external destination static host_B_external host_B_internal
Basically we are NATting both the source and destination when we hairpin... We have to NAT the source since the return traffic must hit the ASA since it is TCP and we need to see both sides of the conversation.
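The reasoning in the reply above, traced as a small Python model; this is an added example, not part of the original thread and not ASA code. It assumes both hosts sit on one segment behind the `internal` interface; all addresses and the `hairpin` function are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread).
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # segment shared by both hosts
HOST_A_INTERNAL = "192.168.1.10"   # client real address
HOST_A_EXTERNAL = "203.0.113.10"   # client mapped address
HOST_B_INTERNAL = "192.168.1.20"   # server real address
HOST_B_EXTERNAL = "203.0.113.20"   # server mapped address


def hairpin(translate_source):
    """Trace one TCP open through the hairpin and its reply.

    Returns (reply_passes_firewall, client_accepts_reply).
    """
    # The client connects to the server's mapped address.
    expected_peer = HOST_B_EXTERNAL
    src, dst = HOST_A_INTERNAL, HOST_B_EXTERNAL

    # Firewall: the destination is always rewritten mapped -> real.
    dst = HOST_B_INTERNAL
    # The source is rewritten real -> mapped only by the twice-NAT rule.
    if translate_source:
        src = HOST_A_EXTERNAL
    flow = (src, dst)  # the flow as the firewall recorded it, server side

    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    # On-link destinations are delivered directly; anything else is sent
    # to the default gateway, which is the firewall.
    via_firewall = ipaddress.ip_address(reply_dst) not in INSIDE_NET

    if via_firewall and (reply_dst, reply_src) == flow:
        # The firewall matches the flow and reverses both translations.
        reply_src, reply_dst = HOST_B_EXTERNAL, HOST_A_INTERNAL

    # The client only accepts a reply from the address it connected to.
    return via_firewall, reply_src == expected_peer


if __name__ == "__main__":
    print("destination NAT only:", hairpin(translate_source=False))
    print("source + destination:", hairpin(translate_source=True))
```

With destination NAT alone, the server's reply goes straight to the client from an address the client never contacted, and the firewall sees only half the conversation.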