Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
0
Helpful
7
Replies

acces with ASDM to public ASA IP from LAN network

eric_jantzen
Level 1
Level 1

‎01-21-2013 07:35 AM - edited ‎03-11-2019 05:50 PM

hello,

I have a DNS name for the public ASA IP

and I want use ASDM on the LAN with public DNS name or IP.

With v8.2, I can use "alias", and it's Ok, but alias don't work on >8.4

I try with "static" and DNS Doctoring.

I can, but I loose access to the public IP from Internet

I try this:

static (inside,outside) interface  access-list inside_nat_static dns

access-list inside_nat_static extended permit ip interface inside interface outside

Can you help me?

Thank's

Labels:
0 Helpful
7 Replies 7

Jennifer Halim
Cisco Employee
Cisco Employee

‎01-21-2013 03:45 PM

That solution that you have earlier on v8.2 is not meant to work but somehow you make it work.

You won't be able to access the public IP interface from the LAN network, ie: you can't cross interface on ASA firewall.

Do you have an internal DNS server? if you do, then you can configure the LAN IP as the resolution.

If internet user is accessing your internal DNS server for the resolution, then you can configure the static NAT statement with the DNS keyword, and that would change the private IP to public IP for internet user.

0 Helpful

eric_jantzen
Level 1
Level 1
In response to Jennifer Halim

‎01-21-2013 11:59 PM

thank's, but we don't have internal DNS server.

I have an URL on a public WEB server with redirect to ASDM public URL.

I want DNS doctoring, but without the NAT

thank's

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to eric_jantzen

‎01-22-2013 04:28 AM

Have you add the "dns" keyword on the dynamic NAT statement for your internal subnet accessing the internet?

0 Helpful

eric_jantzen
Level 1
Level 1
In response to Jennifer Halim

‎01-22-2013 06:23 AM

yes, I use this:

static (inside,outside) interface  access-list inside_nat_static dns

dns dostoring work fine, BUT I lose access to ASA public service.

0 Helpful

Andrew Phirsov
Level 7
Level 7

‎01-22-2013 01:07 AM

"and I want use ASDM on the LAN with public DNS name or IP"

Why would you want to do it?

0 Helpful

eric_jantzen
Level 1
Level 1
In response to Andrew Phirsov

‎01-22-2013 06:24 AM

I want just use the public DNS name to access ASDM from LAN and Internet.

like I can do with "alias", but "alias" is OUT

Thank's

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to eric_jantzen

‎01-22-2013 07:03 PM

Unfortunately you won't be able to use the public DNS name for the ASA interface to access it from the LAN, as the DNS doctoring won't work for the interface IP itself, and you would probably break something else by configuring that static NAT statement.

ASA won't NAT its interface IP to another interface as it is 2 different interfaces and it meant to do routing on those interfaces.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card