Cisco Support Community
jsd
Community Member

ASA 5505 use public IP from inside

I have some services at our corporate network that are published using our public IP. All services work fine from outside our net but I need them to be available from the inside too. I need some directions on how to solve such a problem.

For example: http-traffic to our public IP from the inside must make a u-turn back into my ASA.

Thank you for any clues!

1 ACCEPTED SOLUTION

Re: ASA 5505 use public IP from inside

You would have to configure static NAT (inside,inside) for every host/service that you want the ASA to redirect the traffic back to the inside interface when the client tries to get to the outside address of the server.

HTH

Sundar

5 REPLIES
Community Member

Re: ASA 5505 use public IP from inside

Re: ASA 5505 use public IP from inside

Jonas,

Paul has provided you the correct link to address your situation. As explained in the link you have two options.

1. DNS doctoring

2. NAT Hairpinning

Either one should work. Choose the solution that's appropriate for your environment.

HTH

Sundar

jsd
Community Member

Re: ASA 5505 use public IP from inside

Thank you guys. Found that link just before I read your posts (should have done some searching first, lazy me...).

As I understand it, I must create statics for each and every service that I want to access from the inside (given the usage of our public IP). Isn't there a way to just say: "All traffic to [outside-ip] from [inside-subnet] shall be hairpinned to [outside-ip]"? Then I can leave all my port forwards as is.

Am I making sense?

jsd
Community Member

Re: ASA 5505 use public IP from inside

OK, thank you Sundar! That answers my questions.

Interesting that this never was a problem with my previous firewalls from Symantec. I guess it means that those boxes always created an equivalent to static(inside, inside) every time you made a "port forward" behind the scenes.

Again, thanks for fast and helpful answers.
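
Added example (not part of the original thread and not Cisco tooling): a Python helper that reads the existing port forwards out of a saved config and emits the matching `static (inside,inside)` lines the accepted answer calls for, plus the two supporting hairpin commands, so each service does not have to be retyped by hand. It assumes the pre-8.3 `static`/`global`/`nat` syntax used in the thread; the sample config, the address 203.0.113.5 and the name `hairpin_lines` are constructed for illustration.

```python
import re

# Pre-8.3 port forward:
# static (inside,outside) <proto> <mapped-ip|interface> <port> <real-ip> <port> netmask <mask>
PORT_FWD = re.compile(
    r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask (\S+)$")
# Dynamic NAT rule for inside clients; id 0 (NAT exemption) is deliberately excluded.
DYN_NAT = re.compile(r"^nat \(inside\) ([1-9]\d*) ")

# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.20 3389 netmask 255.255.255.255
static (inside,inside) tcp 203.0.113.5 www 192.168.1.10 www netmask 255.255.255.255
"""


def hairpin_lines(config, public_ip):
    """Return the ASA lines still missing for inside clients to reach public_ip."""
    lines = [l.strip() for l in config.splitlines()]
    existing = set(lines)
    nat_id = next((m.group(1) for m in map(DYN_NAT.match, lines) if m), None)
    if nat_id is None:
        raise ValueError("no dynamic 'nat (inside)' rule to pair with 'global (inside)'")
    wanted = [
        # Let traffic enter and leave the same interface (the u-turn).
        "same-security-traffic permit intra-interface",
        # Source-translate inside clients to the ASA's inside address so the
        # server answers via the ASA instead of directly to the client.
        f"global (inside) {nat_id} interface",
    ]
    for line in lines:
        m = PORT_FWD.match(line)
        if not m:
            continue
        proto, mapped, mport, real, rport, mask = m.groups()
        # "interface" means the outside address in the original rule but would
        # mean the inside address in an (inside,inside) rule, so spell it out.
        if mapped == "interface":
            mapped = public_ip
        wanted.append(
            f"static (inside,inside) {proto} {mapped} {mport} {real} {rport} netmask {mask}")
    if len(wanted) == 2:
        return []  # no port forwards found, nothing to hairpin
    return [w for w in wanted if w not in existing]  # skip lines already configured


if __name__ == "__main__":
    print("\n".join(hairpin_lines(SAMPLE_CONFIG, "203.0.113.5")))
```

The output is meant to be reviewed before it is pasted into the ASA, since `same-security-traffic permit intra-interface` is a global setting rather than a per-service one.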
