https://community.cisco.com/t5/network-security/access-current-server-using-external-snat-ip/m-p/2130592#M394389 <HTML><HEAD></HEAD><BODY><P>When you are trying to access the server with its own ip address, the ASA will detect that, and will report that as the Land Attack, ie: accessing the host with its own ip address.</P><P></P><P>Since the translation is being configured on the ASA, the ASA knows that the private ip of the server is trying to access its own public ip address, hence will deny that traffic.</P><P></P><P>I would suggest that if you need to access the server with its own ip address, you would need to configure it to access its private ip address instead of the public IP. Or access its loopback address, which is normally 127.0.0.1</P></BODY></HTML> Mon, 10 Dec 2012 07:00:09 GMT Jennifer Halim 2012-12-10T07:00:09Z https://community.cisco.com/t5/network-security/access-current-server-using-external-snat-ip/m-p/2130591#M394382 <P>Hi there,</P><P></P><P>I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. </P><P>From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect.</P><P>So, say I have server1 and server2. I can connect from server1 to server 2 with both public and private, but can't connect from server1 to server1' using the public IP.</P><P>ASA logs show that packets are being denied due to land attack.</P><P>DNS doctoring is not an option for me.</P><P>Is there a way to fix this?</P><P></P><P>Thanks.</P> Tue, 12 Mar 2019 00:35:11 GMT https://community.cisco.com/t5/network-security/access-current-server-using-external-snat-ip/m-p/2130591#M394382 Ricardo Duarte 2019-03-12T00:35:11Z https://community.cisco.com/t5/network-security/access-current-server-using-external-snat-ip/m-p/2130592#M394389 <HTML><HEAD></HEAD><BODY><P>When you are trying to access the server with its own ip address, the ASA will detect that, and will report that as the Land Attack, ie: accessing the host with its own ip address.</P><P></P><P>Since the translation is being configured on the ASA, the ASA knows that the private ip of the server is trying to access its own public ip address, hence will deny that traffic.</P><P></P><P>I would suggest that if you need to access the server with its own ip address, you would need to configure it to access its private ip address instead of the public IP. Or access its loopback address, which is normally 127.0.0.1</P></BODY></HTML> Mon, 10 Dec 2012 07:00:09 GMT https://community.cisco.com/t5/network-security/access-current-server-using-external-snat-ip/m-p/2130592#M394389 Jennifer Halim 2012-12-10T07:00:09Z