05-15-2015 12:05 AM - edited 03-11-2019 10:56 PM
So i want to access a webserver in DMZ from Inside by both its internal and Outside public IP (assigned via DHCP) without using DNS doctoring. Can access it via internal no problem and found few articles that cover hairpining but they usually cover it from the same interface or with a static public IP
05-15-2015 12:49 AM
Oh and it's on ASA 9.2
05-15-2015 07:40 AM
Hi,
Let's assume this:-
LAN:- 1.1.1.0/24
DMZ server:- 2.2.2.2
Outside interface:- x.x.x.x
object network LAN
subnet 1.1.1.0 255.255.255.0
nat (inside,dmz) source dynamic LAN interface destination static x.x.x.x 2.2.2.2
object network obj-DMZsrv
host 2.2.2.2
nat (dmz,outside) static interface service tcp 443 443
This has to be static PAT as you can only forward specific ports using the interface IP.
Thanks and Regards,
Vibhor Amrodia
05-15-2015 04:10 PM
"Outside interface:- x.x.x.x"
What if the outside is a DHCP client? And doesn't get a static IP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide