10-08-2010 05:30 AM - edited 03-11-2019 11:52 AM
Hi,
I need to configure hairpinning on an ASA with 8.3 software.
There is a web server located in the LAN. Clients have to connect to it via its public name, and the name resolves to the public IP.
I have a static NAT for that server - it works fine from outside, but inside hosts cannot access it.
How to proceed?
10-08-2010 06:21 AM
You may rather use DNS doctoring than hairpinning if the server is on the same interface as the LAN server.
Basically, you create a static NAT entry for your public and private server addresses, adding the dns keyword.
More explanation here:
10-08-2010 07:25 AM
Those NAT examples are for pre-8.3 software. As you know, NAT is quite different now.
10-08-2010 06:33 AM
You have a couple of different options. Check the following link-
10-08-2010 07:27 AM
Internal DNS is a solution for us.
I'm just curious how to do it with 8.3 software by hairpinning or DNS rewrite.
10-08-2010 08:33 AM
Hi,
If the server is located on the same interface as the clients (I am assuming "inside" over here), the command will look something like this:
object network Server
 host 10.1.1.1
 nat (inside,inside) static 1.1.1.1
Here, I have assumed the public IP of the server returned by your DNS server is 1.1.1.1 and the real IP address of the server is 10.1.1.1. In addition, you will also need
same-security-traffic permit intra-interface
and also "tcp-state-bypass" and "random-sequence-number disable". Assuming the network range of your clients is 10.1.1.0/24, the config would look something like this:
access-list bypass permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.1
class-map bypass
 match access-list bypass
policy-map global_policy
 class bypass
  set connection advanced-options tcp-state-bypass
  set connection random-sequence-number disable
Hope this helps!!
Thanks and Regards,
Prapanch
10-11-2010 09:50 AM
If your DNS requests from the inside go through this ASA, I think the easier solution is DNS doctoring. The syntax for 8.3 would be
object network Server
 host 10.1.1.1
 nat (inside,inside) static 1.1.1.1 dns
I hope it helps.
PK
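An added example, not part of any post above and not Cisco code: a Python check that reads an ASA 8.3-style config and reports same-interface (hairpin) static NAT rules, whether the `dns` keyword and `same-security-traffic permit intra-interface` are present, and which ACL scopes `tcp-state-bypass`. The function name `audit_hairpin` and the sample config are assumptions built from the commands quoted in this thread.

```python
import re

# Constructed sample: the commands from the posts above combined into one config
# (with the "dns" keyword from the last post); addresses are the thread's own.
SAMPLE_CONFIG = """\
object network Server
 host 10.1.1.1
 nat (inside,inside) static 1.1.1.1 dns
same-security-traffic permit intra-interface
access-list bypass permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.1
class-map bypass
 match access-list bypass
policy-map global_policy
 class bypass
  set connection advanced-options tcp-state-bypass
  set connection random-sequence-number disable
"""

NAT_RE = re.compile(r"^\s*nat \((\w+),(\w+)\) static (\S+)(.*)$")

def audit_hairpin(config):
    """Report same-interface static NAT rules and the settings they rely on."""
    lines = config.splitlines()
    report = {"hairpin_nat": [], "intra_interface": False, "bypass_acls": {}, "findings": []}
    obj = cls = None
    class_acl = {}  # class-map name -> ACL it matches
    for raw in lines:
        line = raw.strip()
        m = NAT_RE.match(raw)
        if line.startswith("object network "):
            obj = line.split()[2]
        elif m and m.group(1) == m.group(2):  # real and mapped interface are the same
            report["hairpin_nat"].append({"object": obj, "interface": m.group(1),
                "mapped": m.group(3), "dns_rewrite": "dns" in m.group(4).split()})
        elif line == "same-security-traffic permit intra-interface":
            report["intra_interface"] = True
        elif line.startswith("class-map ") or line.startswith("class "):
            cls = line.split()[1]
        elif line.startswith("match access-list ") and cls:
            class_acl[cls] = line.split()[2]
        elif line.endswith("tcp-state-bypass") and cls in class_acl:
            acl = class_acl[cls]  # TCP state checks are skipped for whatever this ACL matches
            report["bypass_acls"][acl] = [l for l in lines if l.startswith(f"access-list {acl} ")]
    if report["hairpin_nat"] and not report["intra_interface"]:
        report["findings"].append("same-interface NAT without 'same-security-traffic permit intra-interface'")
    for acl, entries in report["bypass_acls"].items():
        if any("any" in e.split() for e in entries):
            report["findings"].append(f"tcp-state-bypass ACL '{acl}' matches 'any'")
    return report
```

An empty `findings` list means the hairpin rule has its intra-interface permit and the state-bypass ACL is limited to named networks and hosts.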