how to let inside user access outside NATed IP addresses?
Recently I've set up an ASA5510 to meet the following criteria:
Cr1. inside users go to Internet with a single ip address (outside interface)
Cr2. DMZ contains http, mail servers that are NAT'ed to outside network
Cr3. Inside users access http, mail servers by their DMZ IP addresses (I split DNS here)
I would like to make some improvements to this config:
I1. Access to these NATed services from inside without need to split DNS, so I could use just one external DNS. Please note that I do not want to move both servers to outside and prefer to keep them on the DMZ.
I2. Make users from inside appear on Internet with a group of IP addresses instead of one single IP of outside ASA interface.
I3. NAT an inside Lotus Domino server to outside IP and be able to access it from inside by using its NATed outside address as well as its inside IP.
Improvement #3 I've half done easily, but cannot figure out how to make inside users access either DMZ or Inside hosts by their NATed outside IPs.
Re: how to let inside user access outside NATed IP addresses?
Clark, could you comment if the following scenario is possible?
DMZ host I binated for inside users to connect onto outside address, this is cool. But I also have VPN users sitting in France, and my DMZ server must push email through the site-to-site VPN. So, what should be done here? NATing the DMZ address to the inside network cannot be done, as I already have the (inside,dmz) dmz.address,external.address command, and another (inside,dmz) dmz.address,inside.address would overlap the existing one.
Is there any chance of NATing one host to two different addresses, or could this be done otherwise?