cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


219
Views
0
Helpful
2
Replies
Explorer

NAT help

Hello,

We have an internal webserver which is available from the internet via a public IP using a static NAT.  This server sits in it's own VLAN off our ASA using a sub-interface (trunk into a switch). Our developers have asked if our internal users could also use this public IP to access the server?  It will save them lots of re-programming apparently, is this possibe?

So if I wanted to get to this public IP (which is on the ASA anyway), it doesn't go out to the internet, but maybe just NAT's to this internal IP?

2 REPLIES 2
Highlighted
Beginner

Re: NAT help

Hi,

ASA wont allow port redirection, so you may need to use the DNS doctoring feature..
If accessing the server via the internal IP address meets your needs, then you may want
to try DNS doctoring.


Explorer

Re: NAT help

Would a NAT work, I looked at you link and it looks very similar to a NAT.

I trid to do a Static NAT, but the packet trace should the trafic going out to the internet which I don't want happening:

info example:

interfaces:

inside (192.168.1.1)

outside (100.100.100.1)

VLAN1 (172.25.1.x)

VLAN2 (192.168.15.x)

Currently we have a NAT for 100.100.100.2 > 192.168.15.8 from the Outside to VLAN2 web server.  We want VLAN2 to ba able to contact 100.100.100.2 and not go out on the global IP.  I added 'static (VLAN1,VLAN2) 192.168.15.8 100.100.100.2 netmask 255.255.255.255 dns tcp 0 0 udp 0' but the traffic goes to the outside.

I thought anything on VLAN1 trying to get to 100.100.100.2 would translate to 192.168.15.8?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here