We have an internal webserver which is available from the internet via a public IP using a static NAT. This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server? It will save them lots of re-programming apparently, is this possibe?
So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?
Would a NAT work, I looked at you link and it looks very similar to a NAT.
I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:
Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server. We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP. I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.
I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...