https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483046#M711221 <HTML><HEAD></HEAD><BODY><P>Good to hear, and thanks for the update and rating.</P></BODY></HTML> Tue, 18 May 2010 06:19:30 GMT Jennifer Halim 2010-05-18T06:19:30Z https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483043#M711056 <P>Hi,</P><P></P><P>Is it possible to access internal servers using public IP. The server and the client, Both are in inside DMZ.</P><P></P><P>The server has a static nat.The client uses global IP. ASA 5540 is been used</P><P></P><P>Regards,</P><P>Manish Gupta</P> Mon, 11 Mar 2019 17:46:25 GMT https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483043#M711056 QPM277111 2019-03-11T17:46:25Z https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483044#M711111 <HTML><HEAD></HEAD><BODY><P>Yes you can.</P><P></P><P>Assuming you have the following:</P><P>Inside network: 192.168.1.0/24</P><P>DMZ network (where the server is): 192.168.5.0/24</P><P>Server IP: 192.168.5.5 --&gt; NATed to 200.1.1.5</P><P></P><P>From the above, I assume you already have the following configured:</P><P></P><P>static (dmz,outside) 200.1.1.5 192.168.5.5 netmask 255.255.255.255</P><P>static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0</P><P></P><P>Assuming that you would like to access the public ip of the server 200.1.1.5 from the inside network, you need to add the following:</P><P></P><P>static (dmz,inside) 200.1.1.5 192.168.5.5 netmask 255.255.255.255</P><P>no sysopt noproxyarp inside</P><P></P><P>If you have ACL assigned to the inside interface, you would need to allow traffic towards the public ip.</P><P></P><P>If the above assumption is incorrect, and you have your server in the inside network instead (with ip of 192.168.1.5), and would like to access it from the inside via its public ip, here is the commands:</P><P></P><P>same-security-traffic permit intra-interface</P><P>static (inside,inside) 200.1.1.5 192.168.1.5 netmask 255.255.255.255</P><P>global (inside) 1 interface&nbsp;&nbsp;&nbsp; &lt;-- assuming that you have "nat (inside) 1 0 0" statement.</P><P></P><P>If you have ACL assigned to the inside interface, you would need to&nbsp; allow traffic towards the public ip as well.</P><P></P><P>Hope that helps.</P></BODY></HTML> Mon, 17 May 2010 12:30:46 GMT https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483044#M711111 Jennifer Halim 2010-05-17T12:30:46Z https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483045#M711164 <HTML><HEAD></HEAD><BODY><P>The issue got resoved after i used a different public IP rather than the default global IP</P></BODY></HTML> Tue, 18 May 2010 06:17:33 GMT https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483045#M711164 QPM277111 2010-05-18T06:17:33Z https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483046#M711221 <HTML><HEAD></HEAD><BODY><P>Good to hear, and thanks for the update and rating.</P></BODY></HTML> Tue, 18 May 2010 06:19:30 GMT https://community.cisco.com/t5/network-security/not-able-to-access-servers-using-public-ip-from-internal-segment/m-p/1483046#M711221 Jennifer Halim 2010-05-18T06:19:30Z