Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT help


We have an internal webserver which is available from the internet via a public IP using a static NAT.  This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server?  It will save them lots of re-programming apparently, is this possibe?

So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?

New Member

Re: NAT help


ASA wont allow port redirection, so you may need to use the DNS doctoring feature..
If accessing the server via the internal IP address meets your needs, then you may want
to try DNS doctoring.

New Member

Re: NAT help

Would a NAT work, I looked at you link and it looks very similar to a NAT.

I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:

info example:


inside (

outside (

VLAN1 (172.25.1.x)

VLAN2 (192.168.15.x)

Currently we have a NAT for > from the Outside to VLAN2 web server.  We want VLAN2 to ba able to contact and not go out on the global IP.  I added 'static (VLAN1,VLAN2) netmask dns tcp 0 0 udp 0' but the traffic goes to the outside.

I thought anything on VLAN1 trying to get to would translate to