06-30-2010 12:35 PM - edited 03-11-2019 11:05 AM
Our web site is hosted on our internal network (not on a DMZ). Attempting to contact it from the INSIDE network, through our ASA5510 at its DNS-acquired public internet address fails. Access to this site from OUTSIDE works. Both "same-security-traffic permit inter-interface", and
"same-security-traffic permit intra-interface" are configured. Do I need a static route? If so, how is this configured? Thanx!
06-30-2010 12:47 PM
You only need intra-interface.
You need static (inside,inside) 10.10.10.1 10.10.10.1
for the host that is trying to load the page using the public address. and also
static (inside,inside) public_IP_of_webserver private_ip_webserver
BTW, the correct way to do this is to access the server using it private address from the inside and not the translated address.
-KS
06-30-2010 12:57 PM
Excellent! BTW, as I am the newbie here, I didn't know the inside web server address. It turns out that this type of issue has been buggeing these folks for a while. I'll implement this and let you know the results. Thank you!
Wolf
06-30-2010 02:34 PM
Well, that didn't work. I applied:
static (in_Laker,in_Laker) 10.10.30.208 10.10.30.208
static (in_Laker,in_Laker) 192.168.1.232 10.10.30.156
where 10.10.30.208 is my machine, 192..168.1.232 is the outside and 10.10.30.156 the inside IP of the web server. in_Laker is the name of the inside interface. Any additional thoughts? Thanx!
Wolf
07-02-2010 01:28 PM
maybe you are better of with this solution (depending on the location of your DNS)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
btw you should change the puplic IP address in your last post.
Cheers Michael
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: