Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

NAT Hairpin / DNS Rewrite

ASA Version 8.4(3)

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 8.8.8.148 255.255.255.240
!

interface Ethernet0/3
 nameif inside
 security-level 100
 ip address 192.168.200.253 255.255.255.0
!

same-security-traffic permit intra-interface

object network External-Face-IP
 host 8.8.8.158

object network Network-London
 subnet 192.168.200.0 255.255.255.0

object network External-www.domain.com
 host 8.8.8.152

object network www.domain.com
 host 192.168.200.66

access-list outside_access_in extended permit tcp any object www.domain.com eq www 

nat (outside,inside) source static any any destination static any any destination static External-www.domain.com www.domain.com

Hi All,

I'm having difficulty configuring a NAT Hairpin (I believe is called this) on my Cisco ASA 5510.

I have a website "www.domain.com"; hosted on a server on our internal network. Externally people can access the website no problem but when attempting to access it internally, the website never resolves. I believe this is because the websites is on the same external ip subnet as the external face ip and the ASA needs to realise this and redirect to the internal ip address.

Can someone please take a look at my config about and suggest what I have done wrong?

UPDATE:

I guess what I am after is this:

http://www.techrepublic.com/blog/data-center/cisco-asa-and-dns-pain-is-there-a-doctor-in-the-house/#.

BUT with up-to-date syntax as the above link syntax doesn't seem to work for me.

 

Many thanks,

Tarran

 

Everyone's tags (1)
1 REPLY
Cisco Employee

Hello Taran,

246
Views
0
Helpful
1
Replies
CreatePlease to create content