Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Connect to outside ip from inside network

I just replace a clients PIX with an ASA 5510. They weren't using static nats and had all their servers set up with dual NICs. One connected to the internet and one to their inside network. Now that the ASA is in place, they are using static nats . However, one of their apps that they use on the internal network connects to an internet IP. It's hard coded and cannot be changed. So, now when they try to connect, it does not work. Is there any way to get this to work with the ASA?




Re: Connect to outside ip from inside network

Sure, but where is the destination? If it's on the dmz and the request is coming from the inside you can do destination nat.

static (dmz,inside) public.ip private.ip netmask

Or if the destination is on the inside along with the source then you have to hairpin.

same-security-traffic permit intra-interface

static (inside,inside) public.ip private.ip netmask

nat (inside) 1 0 0

global (inside) 1 interface

Please rate helpful posts.

New Member

Re: Connect to outside ip from inside network

They want to connect to an IP on the outside of the firewall that is natted back inside.

for example:

ftp to: which is natted to on the inside and make this connection from the internal network

So, for a destination nat, they would do:

static (outside,inside) netmask ?


Re: Connect to outside ip from inside network

So if you have something like

static (inside,outside) x.x.x.x y.y.y.y netmask

and the connection from inside is to x.x.x.x then you would use the hairpinning method I referenced above.

CreatePlease to create content