Cisco Support Community

I have a question about ASA NAT!

My inside network has a web server that needs to be statically mapped to the public network.
How do I solve the problem of internal users accessing the server after using a mapped address?

The topology:


user2==========internet=======OUTSIDE-ASA--DMZ----web server

int g0
nameif outside
ip add 100.1.1.1 255.255.255.252
no shu
int g1
nameif inside
ip add 192.168.1.254 255.255.255.0
no shu
int g2
nameif DMZ
security-level 50
ip add 172.16.1.254 255.255.255.0
no shu

route outside 0 0 100.1.1.2


object network inside-to-outside
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) dynamic interface

object network DMZ-static-80
host 192.168.1.10
nat (dmz,outside) static 100.1.1.1 service tcp 80 80


Now, user2 can access port 80 of the web server in the ASA DMZ zone.
But the inside user cannot access the web server, because the destination address is 100.1.1.1, which is the ASA outside port, so the packet is dropped.
How do I solve this?
In the existing environment, adding a DNS server on the inside is not allowed!

Comments
Community Member

Ask the user to try this IP, 192.168.1.10, for local access.

Community Member

The user wants to access the web server directly using the outside domain name.
