Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT help

Hello,

We have an internal webserver which is available from the internet via a public IP using a static NAT.  This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server?  It will save them lots of re-programming apparently, is this possibe?

So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?

2 REPLIES
New Member

Re: NAT help

Hi,

ASA wont allow port redirection, so you may need to use the DNS doctoring feature..
If accessing the server via the internal IP address meets your needs, then you may want
to try DNS doctoring.


New Member

Re: NAT help

Would a NAT work, I looked at you link and it looks very similar to a NAT.

I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:

info example:

interfaces:

inside (192.168.1.1)

outside (100.100.100.1)

VLAN1 (172.25.1.x)

VLAN2 (192.168.15.x)

Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server.  We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP.  I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.

I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?

194
Views
0
Helpful
2
Replies