cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
0
Helpful
6
Replies

Access Public Website on Internal Network

jbrunsting
Level 1
Level 1

I have a client who has a particular server running some very proprietary software. In order for this software to work, the client must access the server's web page (port 80) via its public IP address. He has to do this from a computer that's actually on the same internal network as the server. This seems to be causing problems, as the ASA5505 they have does not, I believe, like allowing traffic out only to have it come right back in again.

Is there some way I can get this to work? Everything is being done via port 80, but the need for the page to be accessed via the public IP address is an odd one. The server has its own public IP address which is static (inside,outside) mapped, so it's not using the public IP of the ASA itself for internet-originated traffic.

Any help would be greatly appreciated. Thanks.

6 Replies 6

cisco24x7
Level 6
Level 6

Here are some solutions:

1- setup dns on the External network and

enable DNS doctoring on the ASA. This solution

seems to be an excessive solution,

2- Buy a checkpoint firewall. Checkpoint will

let you do this without any DNS,

CCIE Security

Considering they just purchased these three ASA5505s to replace their SonicWalls, I don't think they'd be happy to buy yet another new firewall. As for setting up dns on the external network, what do you mean? Just point the ASA at an external DNS server, or something else?

JORGE RODRIGUEZ
Level 10
Level 10

Have you look into DNS doctoring, there are couple of solutions to solve your problem.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

If trouble configuring it let us know.

Rgds

Jorge

Jorge Rodriguez

To be honest, I've never even heard of dns doctoring. I guess I'm going to be reading for a little while!

Jackson, go over the link I provided , it will be failrly simple to implement once you get the idea from the doc.

Rgds

Jorge

Jorge Rodriguez

Fernando_Meza
Level 7
Level 7

Hi,

it sounds like you need to use DNS doctoring. If I understood correctly the web server physical IP address is private, however access from the Internet points to a public IP address which is statically NATed on the ASA correct ..? When that application access the web server .. does it use host name ..i.e www.whatever.com .. or does it use the IP address ..? if it use the host name .. then you could add an entry on the hosts file pointing i.e www.whaterver.com X.X.X.X where X.X.X.X is the PRIVATE ip address of the server. Another option is using DNS doctoring. This is done by adding dns at the end of the static(inside,outside) ... you have configured for that server. Note that in order for the last option to work you need to make sure that the dns server resolving www.whatever.com is outside of the firewall i.e any public DNS server.

I hope it helps .. please rate it if it does !!!

Review Cisco Networking for a $25 gift card