cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


416
Views
10
Helpful
3
Replies

Hairpin NAT ASA5506-X version 9.8

Hellow everyone!

 

I'm trying to configure Hairpin NAT on my ASA5506X (version 9.8.2.20) in order to allow internal users connect to internal servers through their Public IP address 82.52.222.122 (fake).

I used this scenario on my old Cisco PIX515E (version 8.0.4.28) without any problems, but I cannot make it work on ASA.

Could somebody help please?ASA5506_hairpin.jpg

 

 

 

 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Hairpin NAT ASA5506-X version 9.8

Yeah! It's working!

Here is correct code:

nat (inside,inside) 28 source static inside-network interface destination static 82.52.222.122 192.168.3.99 service any http8000 description Hairpin

 

GUI:

ASA5506_hairpin_gui.jpg

3 REPLIES 3
Enthusiast

Re: Hairpin NAT ASA5506-X version 9.8

Hi,
Create a nat rule to allow traffic from inside to inside as below.
nant (inside, inside) 28 source static 192.168.3.90 interface destination static 82.52.222.122 192.168.3.99 service http8000

HTH
Abheesh

Highlighted

Re: Hairpin NAT ASA5506-X version 9.8

Yeah! It's working!

Here is correct code:

nat (inside,inside) 28 source static inside-network interface destination static 82.52.222.122 192.168.3.99 service any http8000 description Hairpin

 

GUI:

ASA5506_hairpin_gui.jpg

VIP Advisor

Re: Hairpin NAT ASA5506-X version 9.8

adding to other post, if you like to know how the process  happens  in ASA  code, here is the document for reference :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/firewall/asa-98-firewall-config/nat-reference.html

 

BB
*** Rate All Helpful Responses ***