04-04-2009 03:58 AM
Hello!
Recently I've set up an ASA5510 to meet the following criteria:
Cr1. inside users go to Internet with a single IP address (outside interface)
Cr2. DMZ contains http, mail servers that are NAT'ed to outside network
Cr3. Inside users access http, mail servers by their DMZ IP addresses (I split DNS here)
I would like to make some improvements to this config:
I1. Access to these NATed services from inside without need to split DNS, so I could use just one external DNS. Please note that I do not want to move both servers to outside and prefer to keep them on the DMZ.
I2. Make users from inside appear on Internet with a group of IP addresses instead of one single IP of outside ASA interface.
I3. NAT an inside Lotus Domino server to outside IP and be able to access it from inside by using its NATed outside address as well as its inside IP.
Improvement #3 I've half done easily, but cannot figure out how to make inside users access either DMZ or inside hosts by their NATed outside IPs.
Any suggestions are greatly appreciated!
Thank you!
04-06-2009 06:10 AM
04-09-2009 06:19 AM
Thank you a lot! That worked.
04-13-2009 05:22 AM
Clark, could you comment if the following scenario is possible?
DMZ host I binated for inside users to connect onto outside address, this is cool. But I also have VPN users sitting in France, and my DMZ server must push email through VPN site-to-site. So, what should be done here? NAT of the DMZ address to the inside network cannot be done, as I already have a (inside,dmz) dmz.address,external.address command, and another (inside,dmz) dmz.address,inside.address would overlap the existing one.
Any chance for one host to NAT for two different addresses, or could this be done otherwise?
Thank you!