In our internal LAN, I have some different servers, which can be accessed from the Internet by different ports. I do this by using NAT with specific services.
So let's say, we have the following IP addresses:
External IP address: 188.8.131.52
External domain www.mycompany.de which points to 184.108.40.206
Internal IP Address 192.168.1.1
My local PC: 192.168.1.2
Internal IP of my Webserver: 192.168.1.3
Now, I'd like to use www.mycompany.de to access my own website.
From outside this works fine, but from inside I just can't get it. I read some articles about hairpinning and tested some configurations.
DNS doctoring is no option, because I'd like to use it for different services (ports), that are hosted by different servers.
same-security-traffic permit intra-interface
nat (inside,outside) source static obj_192-168-1-3 interface service obj-tcp-source-eq-443 obj-tcp-source-eq-443
- NAT entry to reach the website from outside. Works fine.
nat (inside,inside) source static obj-external-ip obj_192-168-1-3 service obj-tcp-source-eq-443 obj-tcp-source-eq-443
- Test to reach it from inside, doesn't work.
- I already switched "obj-external-ip" and "obj_192-168-1-3", but this still doesn't work.
When I try to reach the website now, I just get the following error in the log:
"Failed to locate egress interface for TCP from inside:192.168.1.2/64490 to 220.127.116.11/443"
I used this example, but unfortunately, this is for the "old" (< 8.2) configuration, so it doesn't work on newer versions:
I think I am missing the following command, but I can't figure out how it should be in new configuration formats:
nat (inside) 1 192.168.100.0 255.255.255.0
!--- The NAT statement defines which traffic should be natted.
!--- The whole inside subnet in this case.
Maybe someone can help me?