Cisco Support Community

Access to public IP address from Inside

Hi all

I need to connect from an inside host to a host located in the DMZ zone for DNS queries. The host in the DMZ zone has a static NAT to the outside. The point now is that I would like to connect from inside to the NATed outside address, that is, to the public Internet address.

Inside host: 10.0.0.1 -> PAT for 10.0.0.0/8 to 20.0.0.254 (Outside Interface)

DMZ host: 192.168.1.1 -> NAT to outside to 20.0.0.1

The traffic should be 10.0.0.1 udp>1024 to 20.0.0.1 udp=53. The source IP address on the outside interface now is 20.0.0.254 (according to the PAT), the destination IP address 20.0.0.1. The DNS reply from 20.0.0.1 should go back now to 20.0.0.254 and then to the inside host 10.0.0.1.

I know that on the PIX it was not possible to have outgoing traffic on the outside interface which immediately re-enters the same interface. Can I realize this scenario with the ASA 8.4(3) release now?

Thank you

Markus

1 REPLY

Hi all

Does anybody have an idea about this topic?

Thank you

Markus
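
An added example, not part of the original posts and not a reply from the thread: one way to let the inside host query 20.0.0.1 on ASA 8.3+ NAT syntax is a twice-NAT rule that rewrites the destination as the packet arrives on the inside interface, so the traffic is forwarded to the DMZ and never has to leave and re-enter the outside interface. The interface names `inside` and `dmz` and the object names are assumptions; the addresses are the ones given in the question.

```cisco
! Added example. Interface names (inside, dmz) and object names are
! assumptions; addresses are taken from the question above.
object network DMZ-DNS-REAL
 host 192.168.1.1
object network DMZ-DNS-PUBLIC
 host 20.0.0.1
!
! Twice NAT: keep the inside source address unchanged and translate the
! destination 20.0.0.1 to the real DMZ address 192.168.1.1 for traffic
! that arrives on the inside interface.
nat (inside,dmz) source static any any destination static DMZ-DNS-PUBLIC DMZ-DNS-REAL
!
! From 8.3 onward, interface ACLs match the real (untranslated) address,
! so any ACL applied to inside traffic must permit udp/53 to 192.168.1.1.
!
! Verification from privileged EXEC mode: simulate the DNS query from the
! question and confirm the un-translate step and egress interface, then
! check the hit counters on the rule.
packet-tracer input inside udp 10.0.0.1 1025 20.0.0.1 53
show nat detail
```

With this rule the DMZ host sees the query coming from 10.0.0.1 rather than from the PAT address 20.0.0.254, so it needs a route back to 10.0.0.0/8 through the ASA.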
