I have a requirement to access one of our outside interface IP addresses from inside the network.
The scenario is that we have teleworker devices that we provision in-house before sending them out. These devices cannot use a hostname but must be programmed with the IP. I would like to be able to confirm these devices are working before shipping them out.
I've been attempting some kind of loopback/hairpinning NAT rules but haven't managed to get one working yet.
There's no provision for interface loopback in Cisco ASA. What you can do is set an IP address, subnet mask and default gateway on those teleworker devices, place them on the INSIDE nameif of the Cisco ASA, and try to access devices on the OUTSIDE nameif of the Cisco ASA. You can ping the OUTSIDE IP address from INSIDE, provided you have the management-access outside command, but this is messy.
P/S: If you think this comment is useful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
As I understand it, DNS doctoring simply hijacks the DNS request and replaces the external IP with the internal. I don't see how that is going to help considering there are no DNS requests taking place.
If I could programme the teleworker devices with a hostname, I would just run split DNS and call it a day. Unfortunately, I cannot.
As much as I dislike SonicWALL devices, a loopback NAT rule is a 15-second task on them. In fact, most are auto-generated.