Cisco Support Community
Community Member

The server Public IP not Accessible from internal Network

Hi

I have an ASA 5510 running version 8.3. I have a server in my internal network and published the HTTP service (so I configured NAT for this server).

The server's public IP is accessible from the internet, but it's not accessible from the internal network.

Although it's accessible using its private IP address from the internal network.

Does anyone have an explanation?

Thanks

Accepted Solutions
Community Member

Mahmoud,

You can try this

nat (inside,dmz) source dynamic any interface destination static d-nat real-ip service tcp_80 tcp_80

Where d-nat is the public IP address of the server and real-ip is the IP address of the server in the DMZ.

Puneet

6 REPLIES
Red

Hi Mahmoud,

What you are trying to do is called u-turning on the ASA; you would need to put the following configuration in place for it:

Let's assume that your server's public IP is 1.1.1.1 and private IP is 10.1.1.1

object network public
 host 1.1.1.1
object network private
 host 10.1.1.1
object service tcp_443
 service tcp destination eq 443
nat (inside,inside) source static any interface destination static public private service tcp_443 tcp_443
same-security-traffic permit intra-interface
sysopt noproxyarp inside

and it should work after this.

Let me know how it goes.

Hope that helps.

Thanks,

Varun

Please do rate helpful posts

Thanks, Varun Rao Security Team, Cisco TAC
Community Member

Hi Varun,

Thank you for your reply.

The exact setup is as below:

- There are three zones: inside, outside, DMZ.

- The published server is in the DMZ zone.

- The server is published using the outside interface IP address.

- The users are trying to access the server using the public IP address from the inside zone.

So how would the configuration be in this case?

I tried the following but didn't succeed:

(
object network obj-10.0.3.10
 host 10.0.3.10
object service tcp_80
 service tcp destination eq www
nat (inside,dmz) source static any interface destination static interface obj-10.0.3.10 service tcp_80 tcp_80
sysopt noproxyarp inside
same-security-traffic permit inter-interface
)

Thanks

Community Member

Hi Varun,

Can you brief me regarding the sysopt noproxyarp command?

Community Member

Dear Puneet,

It worked.

Thank you all.

Community Member

Hi Mahmoud,

Nice to hear that it worked.

Please find this DOC on how to achieve the same.

https://supportforums.cisco.com/docs/DOC-21602

Puneet
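
The accepted nat line with the objects it references, plus CLI checks to confirm it matches, as an added example that is not a configuration posted by anyone in this thread. 10.0.3.10 is the DMZ server address given above; 203.0.113.10 (the public IP) and 192.168.1.50 (an inside client) are constructed placeholders.

```cisco
! Added example in ASA 8.3+ twice-NAT syntax; not a config from the thread.
! Assumption: d-nat holds the address the server is published on. In the
! asker's setup that is the outside interface IP; 203.0.113.10 stands in for it.
object network real-ip
 host 10.0.3.10
object network d-nat
 host 203.0.113.10
object service tcp_80
 service tcp destination eq www

! Inside clients connecting to the public IP on TCP/80 are redirected to the
! real DMZ address. Their source address is PATed to the ASA's dmz interface.
nat (inside,dmz) source dynamic any interface destination static d-nat real-ip service tcp_80 tcp_80

! Check 1: simulate an inside client (constructed address) reaching the public IP.
! The UN-NAT and NAT phases should reference the rule above and the final
! result should be "allow".
packet-tracer input inside tcp 192.168.1.50 12345 203.0.113.10 80 detailed

! Check 2: translate_hits / untranslate_hits on the rule should increase
! while a real client browses to the public IP.
show nat detail

! Check 3: list the translations created by the test connection.
show xlate
```

Because the source is PATed, the web server logs every internal client as the ASA's dmz interface address, so per-client attribution for these sessions has to come from the ASA's own connection logging.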
