https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827672#M490886 <P>Hi</P><P></P><P>i have ASA 5510 version 8.3, i have a server in my internal network and published the HTTP service (so i configured NAT for this server).</P><P></P><P>the server public IP is accessable from the internet but its not accessable from the internal network.</P><P></P><P>although its accessable using its private IP address from the internal network.</P><P></P><P>any one has an explanation.....</P><P></P><P>Thanks </P> Mon, 11 Mar 2019 22:03:13 GMT mahmoud.yasin 2019-03-11T22:03:13Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827672#M490886 <P>Hi</P><P></P><P>i have ASA 5510 version 8.3, i have a server in my internal network and published the HTTP service (so i configured NAT for this server).</P><P></P><P>the server public IP is accessable from the internet but its not accessable from the internal network.</P><P></P><P>although its accessable using its private IP address from the internal network.</P><P></P><P>any one has an explanation.....</P><P></P><P>Thanks </P> Mon, 11 Mar 2019 22:03:13 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827672#M490886 mahmoud.yasin 2019-03-11T22:03:13Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827673#M490889 <HTML><HEAD></HEAD><BODY><P>Hi Mahmoud,</P><P></P><P>What you are trying to do is called u-turning on the ASA, you would need to put teh following configuration for it:</P><P></P><P>Lets assume that your server's public ip is 1.1.1.1 and private ip is 10.1.1.1</P><P></P><P>object network public</P><P>host 1.1.1.1</P><P></P><P>object newtork private</P><P>host 10.1.1.1</P><P></P><P>object service tcp_443</P><P>service tcp destination eq 443</P><P></P><P>nat (inside,inside) source static any interface destination static public private service tcp_443 tcp_4443</P><P></P><P>same-security-traffic permit intra-interface</P><P>sysopt noproxyarp inside</P><P></P><P></P><P>and it should work after this.</P><P></P><P>Let me know how it goes.</P><P></P><P>Hope that helps.</P><P></P><P>Thanks,</P><P>Varun</P><P></P><P>Please do rate helpful posts</P></BODY></HTML> Sun, 18 Dec 2011 16:13:50 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827673#M490889 varrao 2011-12-18T16:13:50Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827674#M490891 <HTML><HEAD></HEAD><BODY><P>Hi Varun</P><P></P><P>thank you for your reply.</P><P></P><P>the exact setup is as below,</P><P></P><P>- there are three zones; inside, outside, DMZ</P><P>- the published server is in DMZ Zone.</P><P>- the server is published using the outside interface IP address.</P><P>- the users trying to access the server using the public IP address from the inside zone.</P><P></P><P>so how will be the configuration in this way?</P><P></P><P>i tried the following but didnt success;</P><P></P><P>(</P><P>object network obj-10.0.3.10 </P><P> host 10.0.3.10</P><P></P><P>object service tcp_80 </P><P> service tcp destination eq www </P><P></P><P>nat (inside,dmz) source static any interface destination static interface obj-10.0.3.10 service tcp_80 tcp_80</P><P></P><P>sysopt noproxyarp inside</P><P></P><P>same-security-traffic permit inter-interface</P><P></P><P>)</P><P></P><P>Thanks</P></BODY></HTML> Mon, 19 Dec 2011 08:53:56 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827674#M490891 mahmoud.yasin 2011-12-19T08:53:56Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827675#M490892 <HTML><HEAD></HEAD><BODY><P>Hi varun,</P><P></P><P>Can u brief me regarding sysoptnoproxyarp command</P></BODY></HTML> Mon, 19 Dec 2011 12:57:50 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827675#M490892 prashantrecon 2011-12-19T12:57:50Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827676#M490893 <HTML><HEAD></HEAD><BODY><P>Mahmoud,</P><P></P><P>You can try this</P><P></P><P>nat (inside,dmz) source dynamic any interface destination static d-nat real-ip service tcp_80 tcp_80</P><P></P><P>Where dnat is public ip address of the server and real-ip is the ip address of the server in DMZ.</P><P></P><P></P><P>Puneet</P></BODY></HTML> Tue, 20 Dec 2011 16:22:19 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827676#M490893 puseth 2011-12-20T16:22:19Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827677#M490894 <HTML><HEAD></HEAD><BODY><P>Dear Puneet</P><P></P><P>it worked.</P><P></P><P>Thank you all</P></BODY></HTML> Thu, 22 Dec 2011 08:59:35 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827677#M490894 mahmoud.yasin 2011-12-22T08:59:35Z https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827678#M490895 <HTML><HEAD></HEAD><BODY><P> Hi Mahmoud,</P><P></P><P>Nice to hear that it worked.</P><P></P><P>Please find this DOC on how to achieve the same.</P><P><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-21602">https://supportforums.cisco.com/docs/DOC-21602</A></P><P></P><P>Puneet</P></BODY></HTML> Thu, 22 Dec 2011 09:05:12 GMT https://community.cisco.com/t5/network-security/the-server-public-ip-not-accessable-from-internal-network/m-p/1827678#M490895 puseth 2011-12-22T09:05:12Z