Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1318
Views
5
Helpful
7
Replies

Allow inside host to access inside server through its outside IP?

anders.lindback
Level 1
Level 1

‎05-23-2014 01:45 AM - edited ‎03-11-2019 09:14 PM

Hi everyone, I need some 9.1 NAT help!

 

Got a subnet,.. 192.168.10.0/24 .. on this subnet both clients and servers are located.

 

I'm currently NAT'ing (server) 192.168.10.10 to our outside interface IP and allowing ports 80 from the Internet.

Now, our inside clients needs to access the server through our external DNS that points at the ASA outside interface..

 

How do I do this NAT config?

 

Like this 

192.168.10.0/24 -> External IP ->  Inside server IP

 

Is this correct?

 

Object network Internal_To_Server_192.168.10.10

host 192.168.10.10

nat (Outside,Inside) static <external ASA outside IP> 80 80

 

is that correct?

 

Thanks 

Labels:
0 Helpful
7 Replies 7

WALTER GROSSENBACHER
Level 1
Level 1

‎05-23-2014 02:21 AM

Try this:

object network INSIDE-SERVER

host 192.168.10.10

!

object network INSIDE-SERVER

nat (inside,outside) static <outside-ip>

0 Helpful

anders.lindback
Level 1
Level 1
In response to WALTER GROSSENBACHER

‎05-23-2014 02:26 AM

That will get my server the external Ip address of the ASA

 

I need my inside hosts to be able to connect to the that outside IP and get it pointing inwards at 192.168.10.10

 

old NAT

static (outside,inside) <external ip> 192.168.10.10 service www .. i think.. been awhile since I did ASA config. 

0 Helpful

WALTER GROSSENBACHER
Level 1
Level 1
In response to anders.lindback

‎05-23-2014 03:50 AM

I don't know what you are looking for. Is it a NAT from an external IP to an internal address or the opposite way? Can you tell me which address you wonna NAT to which address & from which interface to which interface. Maybe you have even a drawing....

 

cheers

Walter

0 Helpful

anders.lindback
Level 1
Level 1
In response to WALTER GROSSENBACHER

‎05-23-2014 04:33 AM

When local clients 192.168.10.0/24 tries to go to (http) 213.10.10.10 that they should be directed to 192.168.10.10 instead.

 

"213.10.10.10" is the outside IP address of the ASA just a fyi

WALTER GROSSENBACHER
Level 1
Level 1
In response to anders.lindback

‎05-23-2014 04:44 AM

In this case try this

 

object network OUTSIDE-SERVER

host 213.10.10.10

 

!

object network OUTSIDE-SERVER

nat (outside,inside) static 192.168.10.10

0 Helpful

anders.lindback
Level 1
Level 1
In response to WALTER GROSSENBACHER

‎05-23-2014 06:26 AM

Thanks, I'll give this a go and get back to you if it works!

 

 

0 Helpful

anders.lindback
Level 1
Level 1
In response to anders.lindback

‎05-26-2014 07:51 AM

I did not get this to work, Cisco TAC did a static NAT instead

 

nat (Inside,Inside) 1 source static obj-Internal_Networks obj-Internal_Networks destination static obj-213.10.10.10 obj-192.168.10.10 service desthttp desthttp

 

I need to start learning 8.3 updates :D

 

Thanks for the help!

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card