New Member

Allow egress traffic on an outside interface back in the same interface

Our web site is hosted on our internal network (not on a DMZ). Attempting to contact it from the INSIDE network, through our ASA5510 at its DNS-acquired public internet address fails. Access to this site from OUTSIDE works. Both "same-security-traffic permit inter-interface", and "same-security-traffic permit intra-interface" are configured. Do I need a static route? If so, how is this configured? Thanx!

4 REPLIES
Cisco Employee

Re: Allow egress traffic on an outside interface back in the sam

You only need intra-interface.

You need static (inside,inside) 10.10.10.1 10.10.10.1

for the host that is trying to load the page using the public address, and also

static (inside,inside) public_IP_of_webserver private_ip_webserver

BTW, the correct way to do this is to access the server using its private address from the inside and not the translated address.

-KS

New Member

Re: Allow egress traffic on an outside interface back in the sam

Excellent! BTW, as I am the newbie here, I didn't know the inside web server address. It turns out that this type of issue has been bugging these folks for a while. I'll implement this and let you know the results. Thank you!

Wolf

New Member

Re: Allow egress traffic on an outside interface back in the sam

Well, that didn't work.  I applied:

static (in_Laker,in_Laker) 10.10.30.208 10.10.30.208
static (in_Laker,in_Laker) 192.168.1.232 10.10.30.156

where 10.10.30.208 is my machine, 192.168.1.232 is the outside and 10.10.30.156 the inside IP of the web server. in_Laker is the name of the inside interface. Any additional thoughts? Thanx!

Wolf

New Member

Re: Allow egress traffic on an outside interface back in the sam

Maybe you are better off with this solution (depending on the location of your DNS):

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

BTW, you should change the public IP address in your last post.

Cheers Michael
