I have an ASA 5505 at home and I am currently staticly NATing my internal resources to the outside world successfuly. My only problem is that when I try to access my internal resources by name from the inside, they resolve to the IP of my external interface and I am unable to access them.
I know the simple solution would be to make a host file entry or modify my DNS, but I am unwilling to let the ASA beat me.
I assume I need some sort of ACL to stop NATing or some sort of NAT exemption, but am unsure of what to do. Can anyone help me?
Here is the link which explains both. DNS doctoring will actually change the resolved ip address in the ASA to the inside address. Hairpinning will allow you to request the public address and allow you to bounce off the inside interface of the ASA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...