Accessing webserver in DMZ from Inside via DHCPed outside address

Alex · ‎05-15-2015

So i want to access a webserver in DMZ from Inside by both its internal and Outside public IP (assigned via DHCP) without using DNS doctoring. Can access it via internal no problem and found few articles that cover hairpining but they usually cover it from the same interface or with a static public IP

Alex · ‎05-15-2015

Oh and it's on ASA 9.2

Vibhor Amrodia · ‎05-15-2015

Hi,

Let's assume this:-

LAN:- 1.1.1.0/24

DMZ server:- 2.2.2.2

Outside interface:- x.x.x.x

object network LAN

subnet 1.1.1.0 255.255.255.0

nat (inside,dmz) source dynamic LAN interface destination static x.x.x.x 2.2.2.2

object network obj-DMZsrv

host 2.2.2.2

nat (dmz,outside) static interface service tcp 443 443

This has to be static PAT as you can only forward specific ports using the interface IP.

Thanks and Regards,

Vibhor Amrodia

Alex · ‎05-15-2015

"Outside interface:- x.x.x.x"

What if the outside is a DHCP client? And doesn't get a static IP?

Accessing webserver in DMZ from Inside via DHCPed outside address

NAT 使用時に Outside から Inside に Traceroute を実施する場合の注意点

SD-WAN: cEdge の SVI に ip nat inside/outside を設定できない

事象：ASDM Unable to launch device manager from <IP address>

nat (inside,outside) source

Cannot access to dmz server from inside with public ip address