https://community.cisco.com/t5/network-security/nat-help/m-p/1384552#M777051 <HTML><HEAD></HEAD><BODY><P>Would a NAT work, I looked at you link and it looks very similar to a NAT.</P><P></P><P>I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:</P><P></P><P>info example:</P><P></P><P>interfaces:</P><P>inside (192.168.1.1)</P><P>outside (100.100.100.1)</P><P>VLAN1 (172.25.1.x)</P><P>VLAN2 (192.168.15.x)</P><P></P><P>Currently we have a NAT for 100.100.100.2 &gt; 192.168.15.8 from the Outside to VLAN2 web server.&nbsp; We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP.&nbsp; I added '<STRONG>static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0</STRONG>' but the traffic goes to the outside.</P><P></P><P>I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?</P></BODY></HTML> Mon, 14 Dec 2009 14:44:39 GMT Andy White 2009-12-14T14:44:39Z https://community.cisco.com/t5/network-security/nat-help/m-p/1384550#M777018 <P>Hello,</P><P></P><P>We have an internal webserver which is available from the internet via a public IP using a static NAT.&nbsp; This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server?&nbsp; It will save them lots of re-programming apparently, is this possibe?</P><P></P><P>So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?</P> Mon, 11 Mar 2019 16:48:22 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/1384550#M777018 Andy White 2019-03-11T16:48:22Z https://community.cisco.com/t5/network-security/nat-help/m-p/1384551#M777036 <HTML><HEAD></HEAD><BODY><DIV class="jive-rendered-content"><P></P></DIV><DIV class="jive-rendered-content">Hi,</DIV><DIV class="jive-rendered-content"><BR /></DIV><DIV class="jive-rendered-content">ASA wont allow port redirection, so you may need to use the DNS doctoring feature..</DIV><DIV class="jive-rendered-content">If accessing the server via the internal IP address meets your needs, then you may want</DIV><DIV class="jive-rendered-content">to try DNS doctoring.</DIV><DIV class="jive-rendered-content"><P></P><P>hth</P><P></P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml</A></P></DIV><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml"><BR /></A></P></BODY></HTML> Mon, 14 Dec 2009 12:42:34 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/1384551#M777036 krishnadas.R_2 2009-12-14T12:42:34Z https://community.cisco.com/t5/network-security/nat-help/m-p/1384552#M777051 <HTML><HEAD></HEAD><BODY><P>Would a NAT work, I looked at you link and it looks very similar to a NAT.</P><P></P><P>I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:</P><P></P><P>info example:</P><P></P><P>interfaces:</P><P>inside (192.168.1.1)</P><P>outside (100.100.100.1)</P><P>VLAN1 (172.25.1.x)</P><P>VLAN2 (192.168.15.x)</P><P></P><P>Currently we have a NAT for 100.100.100.2 &gt; 192.168.15.8 from the Outside to VLAN2 web server.&nbsp; We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP.&nbsp; I added '<STRONG>static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0</STRONG>' but the traffic goes to the outside.</P><P></P><P>I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?</P></BODY></HTML> Mon, 14 Dec 2009 14:44:39 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/1384552#M777051 Andy White 2009-12-14T14:44:39Z