Pix Loopback??

I have a 515E running 7.2(2) with two interfaces. This firewall is the default gateway for all internal systems. I have an inside host with a static translation... ACL allows access to this host from the Internet. What I need, if possible, is to have *internal* clients access the host using its public address.

^scratches head^

Thanks for your help!

Regards,

JD

Accepted Solutions

Re: Pix Loopback??

You may want to look into hairpinning with static NAT; take a look at this link, midway down.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Rgds

-Jorge

5 REPLIES

Re: Pix Loopback??

Hairpinning provides the necessary access. Thanks for your prompt response, Jorge!

-JD

Re: Pix Loopback??

Jonathan, glad it worked and thank you for the rating.

Rgds

-Jorge

Re: Pix Loopback??

Hi,

I am not sure if it would work, but can you set up a static translation from the internal interface to the internal interface and map the internal IP address to the IP? I tried to enter the command on a production ASA running v7 code and it didn't complain that I was doing a NAT on the same interface. I haven't tested if it works though.

If that doesn't work, my suggestion would be to set up the server on a separate VLAN to the rest of your internal network and change the internal interface to use trunking, that way you should be able to set up NATs from the 'internal' interface and from the 'external' interface with the same IP address to the 'server' interface, and not have to use any other interfaces.

That is assuming that you are not using the external IP address of the PIX for the static translation. If you are using the external interface IP for the translation, I am not sure if it will work.

Anyone else with suggestions?

Re: Pix Loopback??

I appreciate your response.

I followed the hairpinning configuration sample in the link that Jorge supplied and it worked exactly as needed.

All clients, Internet and internal, access the host with the public (NAT) address. I verified with traceroute and by simply looking in the Pix's log.

-JD
