Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Cisco ASA: How can I access the translated public IP from the inside?

Hello everyone, I have encountered this problem many times with the Cisco ASA and want to know how I can fix this this.

Here is the issue ...

We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.

From the outside when you put in X.X.X.X in your web browser it works.

Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.

Using a Linksys router works! But with a Cisco ASA it does not work! If I use the private IP it works of coarse.

Is there something I need to configure on the Cisco ASA to fix this where if I use the Public IP internally it will still work? Any sample configuration?

Thanks in advanced!

3 REPLIES

Re: Cisco ASA: How can I access the translated public IP from th

You could try and do the following:-

1) Allow intra-interface traffic

2) Create an inside to inside static nat translation.

HTH>

Re: Cisco ASA: How can I access the translated public IP from th

Hi,

You can place the webserver in its own DMZ.

In this case, all users who try to connect (from inside and outside) will use its public IP address.

regards,

Re: Cisco ASA: How can I access the translated public IP from th

Rashida,

Andrew prety much told you how to do it, and in addition to previous poster.

We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.

From the outside when you put in X.X.X.X in your web browser it works.

Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.

Simply do this in the firewall , HAIRPINING , given that your inside interface if_name argument is called inside

same-security-traffic permit intra-interface

static (inside,inside) < X.X.X.X > netmask <32_bit_mask>

if u happen to place your webserver in a DMZ environment and want from inside to access webserver localted

in DMZ via public IP address

you will need

same-security-traffic permit intra-interface

static (DMZ,inside) < X.X.X.X > netmask <32_bit_mask>

From withing DMZ host to access webserver via public IP , provided you have an inbound acl for your

outside interface allowing access to X.X.X.X on port 80

same-security-traffic permit intra-interface

static (DMZ,DMZ) < X.X.X.X > netmask <32_bit_mask>

Regards

PLS rate helpful posts if it helps

2749
Views
4
Helpful
3
Replies
CreatePlease to create content