Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco Employee

ASA-how to access internal server by public address in inside network

Hi,

I meet one issue by using ASA5550.

There are 2 interfaces which is configured in firewall, one is acted as inside and other is acted as outside. I configured static PAT from outside to inside and map one public address to internal e-mail server and dynamic PAT frame inside to outside.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 212.x.x.1 https 10.x.x.1 https netmask 255.255.255.255

212.x.x.1 is public address which present e-mail server in public network

10.x.x.1 is private address which is e-mail server in private(inside) network

ip address of outside interface is 219.x.x.2/252

1, when I access e-mail server from public network ,it work fine; when I access e-mail server in inside network by using private address 10.x.x.1, it work fine

2, But when I access e-mail server in private(inside) network by using public address 212.x.x.1, it can not work.

I don't know why it is. pls help me to check it.

Thanks

Jun Xu

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA-how to access internal server by public address in insid

you need enabling DNS doctoring or hairpining, refer to this link for more details.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#intro

HTH

Jorge

5 REPLIES

Re: ASA-how to access internal server by public address in insid

you need enabling DNS doctoring or hairpining, refer to this link for more details.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#intro

HTH

Jorge

Cisco Employee

Re: ASA-how to access internal server by public address in insid

Hi Jorge

Thanks for your reply!

That is good method to solve issue of some applications which used DNS to get ip address. But if some application use public ip address of e-mail server to access in inside world, the problem will be occurred. In customer site , some users just do like this.

How can we solve?

Thanks

Jun

Re: ASA-how to access internal server by public address in insid

Jun, go over this thread as there is a conversation on exactly your issue.. you are still looking a hairpinning.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddecce5

Green

Re: ASA-how to access internal server by public address in insid

same-security-traffic permit intra-interface

static (inside,inside) tcp 212.x.x.1 https 10.x.x.1 https netmask 255.255.255.255

global (inside) 1 interface

nat (inside) 1 0 0

Cisco Employee

Re: ASA-how to access internal server by public address in insid

it is good solution in my customer site.

Thanks all of your help.

1468
Views
5
Helpful
5
Replies