Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Access DMZ server from Inside with outside NAT IP

I have a quick question. Can the ASA 7.2 code support the following setup. There is a web server in the DMZ and has a public IP that is NAT'ed to a public IP address. We have internal users that need to access this server via it's external IP address instead of the DMZ IP. Is this possible with the ASA? I know it was not with the Pix 500 and ver 6.3 code.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Access DMZ server from Inside with outside NAT IP

Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.

Here is an easy and good way to do it, other than dns doctoring....destination nat.

static (dmz,inside) netmask 255.255.255.255

4 REPLIES
Hall of Fame Super Blue

Re: Access DMZ server from Inside with outside NAT IP

Hi

Yes you can do this with either DNS doctoring or hairpinning which is new to v7.x code.

Attached is a document that covers both solutions.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

HTH

Jon

Green

Re: Access DMZ server from Inside with outside NAT IP

Well, it wouldn't be hairpinning from inside to dmz...I know you know that jon, haha.

Here is an easy and good way to do it, other than dns doctoring....destination nat.

static (dmz,inside) netmask 255.255.255.255

Green

Re: Access DMZ server from Inside with outside NAT IP

As jon said you may also want to consider dns doctoring.

With the destination nat method above, you probably won't be able to contact the dmz server with it's dmz address after you add that static statment.

New Member

Re: Access DMZ server from Inside with outside NAT IP

That is ok, we do not need to access the DMZ IP. This solution works for us. Thank you!

179
Views
4
Helpful
4
Replies
CreatePlease to create content