Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
0
Helpful
1
Replies

PIX/ASA Access static nat from inside

kent.plummer
Level 1
Level 1

‎01-28-2009 10:53 PM - edited ‎03-11-2019 07:43 AM

Hi,

It seems that the PIX/ASA does not allow an inside host to hit an static nat such as below on the external public IP 111.222.3.4.

static (inside,outside) tcp 111.222.3.4 80 10.200.4.20 80 netmask 255.255.255.255

I know this is what internal DNS is for but this customer does not want to run internal DNS.

The PIX seems to have a similar issue when you ssh to it in that you cant ssh to the outside interface if your traffic originates from the inside.

Has anyone tripped over a solution to these issues.

Thanks in advance for any assistance.

Kent.

Labels:
0 Helpful
1 Reply 1

kent.plummer
Level 1
Level 1

‎01-29-2009 04:40 AM

This doc explains all - except ssh to the asa external interface from the inside. Would appreciate any ideas on this.

"PIX/ASA: Perform DNS Doctoring with the static Command and Two NAT Interfaces Configuration Example"

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Cheers

Kent.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card