Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Accessing DMZ webserver from inside using public IP

Hi,

I have an ASA 5510 with a webserver in the dmz that is accessible to the outside from it's public IP (thanks to some help here yesterday), but not to the inside interface. I think I'm setting up the static NAT incorrectly.

The public IP is xx.xx.184.88 and the real IP is 172.16.0.176. I would like to use the public to view it from the inside interface. How would I configure that?

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Accessing DMZ webserver from inside using public IP

Sure that would be fine. You should have something like...

static (inside,dmz) 10.39.239.0 10.39.239.0 netmask 255.255.255.0

4 REPLIES
Green

Re: Accessing DMZ webserver from inside using public IP

static (dmz,inside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

or

static (dmz,inside) tcp xx.xx.184.88 www 172.16.0.176 www netmask 255.255.255.255

Hope it helps.

New Member

Re: Accessing DMZ webserver from inside using public IP

That moved the problem. Now I'm getting a "305006 partmap translation creation failed for tcp src inside:10.39.239.107/2198 dst dmz:xx.xx.184.88"

Should I post the config? Thanks!

Green

Re: Accessing DMZ webserver from inside using public IP

Sure that would be fine. You should have something like...

static (inside,dmz) 10.39.239.0 10.39.239.0 netmask 255.255.255.0

New Member

Re: Accessing DMZ webserver from inside using public IP

That fixed it, thanks!

137
Views
0
Helpful
4
Replies
CreatePlease to create content