https://community.cisco.com/t5/network-security/pix-loopback/m-p/939329#M917662 <HTML><HEAD></HEAD><BODY><P>You may want to look into hairpining with static nat, take a look at this link mid way down.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml</A></P><P></P><P>Rgds</P><P>-Jorge</P></BODY></HTML> Wed, 25 Jun 2008 21:17:57 GMT JORGE RODRIGUEZ 2008-06-25T21:17:57Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939328#M917652 <P>I have a 515E running 7.2(2) with two interfaces. This firewall is the default gateway for all internal systems. I have an inside host with a static translation... ACL allows access to this host from the Internet. What I need, if possible, is to have *internal* clients access the host using it's public address.</P><P></P><P>^scratches head^</P><P></P><P>Thanks for your help!</P><P></P><P>Regards,</P><P>JD</P> Mon, 11 Mar 2019 13:05:08 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939328#M917652 jdlampard 2019-03-11T13:05:08Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939329#M917662 <HTML><HEAD></HEAD><BODY><P>You may want to look into hairpining with static nat, take a look at this link mid way down.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml</A></P><P></P><P>Rgds</P><P>-Jorge</P></BODY></HTML> Wed, 25 Jun 2008 21:17:57 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939329#M917662 JORGE RODRIGUEZ 2008-06-25T21:17:57Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939330#M917673 <HTML><HEAD></HEAD><BODY><P>Hairpinning provides the necessary access. Thanks for your prompt response, Jorge!</P><P></P><P>-JD</P></BODY></HTML> Thu, 26 Jun 2008 01:19:56 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939330#M917673 jdlampard 2008-06-26T01:19:56Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939331#M917677 <HTML><HEAD></HEAD><BODY><P>Jonathan, glad it worked and thank you for the rating.</P><P></P><P>Rgds</P><P>-Jorge</P><P></P></BODY></HTML> Thu, 26 Jun 2008 01:47:40 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939331#M917677 JORGE RODRIGUEZ 2008-06-26T01:47:40Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939332#M917685 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am not sure if it would work, but can you setup a static translation from the internal interface to the internal interface and map the internal IP address to the IP? I tried to enter the command on a production ASA running v7 code and it didn't complain that I was doing a NAT on the same interface. I haven't tested if it works though.</P><P></P><P>If that doesn't work, my suggestion would be to setup the server on a seperate VLAN to the rest of your internal network and change the internal interface to use trunking, that way you should be able to setup NATs from the 'internal' interface and from the 'external' interface with the same IP address to the 'server' interface, and not have to use any other interfaces. </P><P></P><P>That is assuming that you are not using the external IP address of the PIX for the static translation. If you are using the external interface IP for the translation, I am not sure if it will work.</P><P></P><P>Anyone else with suggestions?</P></BODY></HTML> Thu, 26 Jun 2008 03:21:08 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939332#M917685 goulin 2008-06-26T03:21:08Z https://community.cisco.com/t5/network-security/pix-loopback/m-p/939333#M917691 <HTML><HEAD></HEAD><BODY><P>I appreciate your response.</P><P></P><P>I followed the hairpinning configuration sample in the link that Jorge supplied and it worked exactly as needed.</P><P></P><P>All clients, Internet and internal, access the host with the public (NAT) address. I verified with traceroute and by simply looking in the Pix's log.</P><P></P><P>-JD</P></BODY></HTML> Thu, 26 Jun 2008 03:26:28 GMT https://community.cisco.com/t5/network-security/pix-loopback/m-p/939333#M917691 jdlampard 2008-06-26T03:26:28Z