Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
896
Views
5
Helpful
1
Replies

Access ASA Internet interface from Internal server

Go to solution
Ramesh M
Level 1
Level 1

‎10-25-2017 04:58 AM - edited ‎02-21-2020 06:34 AM

Hi Team,

 

In my perimeter, I have ASA firewall, I need to access the ASA eternal interface IP from the Internal server hosted behind internal interface. 

 

The requirement is my internal VA server should do VA on ASA through public IP.  Internal interface is accessible and its working fine. 

 

I am using 9.X version on ASA. Please suggest any workaround to establish the access.

 

Regards / Ramesh M

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎10-26-2017 07:10 AM

You cannot do this on the ASA itself as the ASA does not allow access to the far-end interface (external) when the source traffic comes in via another interface (internal). This is a security feature and there is no control on the ASA to disable it.
You can possibly use the next hop device to the ASA external to do some policy based routing and destination NAT if it supports both of these features(like a cisco router).

View solution in original post

1 Reply 1

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎10-26-2017 07:10 AM

You cannot do this on the ASA itself as the ASA does not allow access to the far-end interface (external) when the source traffic comes in via another interface (internal). This is a security feature and there is no control on the ASA to disable it.
You can possibly use the next hop device to the ASA external to do some policy based routing and destination NAT if it supports both of these features(like a cisco router).
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top