Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
10
Helpful
4
Replies

Access to inside equipment from inside network using outside IP address

burleyman
Level 8
Level 8

‎05-29-2015 10:43 AM - edited ‎03-11-2019 11:01 PM

I have been asked for the following need.

My customers wireless network has a guest and secure side. The secure side
gets an IP address in the same VLAN subnet as PC's connected directly
into a LAN switch. On their smart phones they have an app that is setup to
allow access to some equipment when you are outside the network by
going to the outside public IP address with lets say port 9200 and it translates to
an internal IP address of the piece of equipment and it works fine.


So let's say the external IP address is 1.1.1.1, which is the outside interface of the ASA, and I am outside the network and
go to 1.1.1.1:9200 it will take me to 10.30.1.28 and that is working fine.


Now here is my question, They want the ability to go from the inside subnet of 10.30.1.0/24
and type 1.1.1.1:9200 and have it do the same thing as it would if they were outside the network.


How would I do this? or could I do this?


So basically they want these three things to work...

Outside the network they go to 1.1.1.1:9200 and it gets to 10.30.1.28 (I have this working now)

and
Inside the network they want to go to 10.30.1.28:9200 and also get to 10.30.1.28 ( This is also working now.)
and
Inside the network they want to go to 1.1.1.1:9200 and get to 10.30.1.28 <--- This is what they want to get working.

 

Thanks,

Mike

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

kcrane2
Level 1
Level 1

‎05-29-2015 11:37 AM

It's called hairpin nat and configuring it is explained pretty well here:

 

http://mike-knight.blogspot.com/2013/06/asa-84-and-hairpin-nat.html

 

That said, I try to avoid it wherever I can.   Completely inefficient to send internal traffic through the firewall then back through it to the internal network.

burleyman
Level 8
Level 8
In response to kcrane2

‎05-29-2015 12:56 PM

Thanks I will check it out. I am running 8.2 and I found that on the web link as well. Stay tuned.

 

Mike

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎05-29-2015 11:44 AM

Mike

You may also want to use this link to a thread on the same thing as, for me at least, it seems to explain it a bit better -

https://supportforums.cisco.com/discussion/11878621/insideinside-nat-asa-91

Jon

burleyman
Level 8
Level 8
In response to Jon Marshall

‎05-29-2015 12:55 PM

Thanks I will check it out and post my config to see if it looks good.

 

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card