I have a client who has a particular server running some very proprietary software. In order for this software to work, the client must access the server's web page (port 80) via its public IP address. He has to do this from a computer that's actually on the same internal network as the server. This seems to be causing problems, as the ASA5505 they have does not, I believe, like allowing traffic out only to have it come right back in again.
Is there some way I can get this to work? Everything is being done via port 80, but the need for the page to be accessed via the public IP address is an odd one. The server has its own public IP address which is static (inside,outside) mapped, so it's not using the public IP of the ASA itself for internet-originated traffic.
Considering they just purchased these three ASA5505s to replace their SonicWalls, I don't think they'd be happy to buy yet another new firewall. As for setting up dns on the external network, what do you mean? Just point the ASA at an external DNS server, or something else?
it sounds like you need to use DNS doctoring. If I understood correctly the web server physical IP address is private, however access from the Internet points to a public IP address which is statically NATed on the ASA correct ..? When that application access the web server .. does it use host name ..i.e www.whatever.com .. or does it use the IP address ..? if it use the host name .. then you could add an entry on the hosts file pointing i.e www.whaterver.com X.X.X.X where X.X.X.X is the PRIVATE ip address of the server. Another option is using DNS doctoring. This is done by adding dns at the end of the static(inside,outside) ... you have configured for that server. Note that in order for the last option to work you need to make sure that the dns server resolving www.whatever.com is outside of the firewall i.e any public DNS server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :