01-30-2011 08:01 AM - edited 03-11-2019 12:42 PM
Hi,
My ASA is a simple setup with a dmz, customer don’t have a dns server in the inside
network. So I use dns doctoring to access the web server in the dmz with
public address.
static (dmz,inside) 11x.x.xx.ccc 192.168.x.x netmask 255.255.255.255 dns
If I do that I loose the access to the same server with the private address, is there
any way I could address the dmz server with both private and public address from inside network.
Cheers
Solved! Go to Solution.
01-30-2011 08:07 AM
Hi,
If you are running version below 8.3 you can do it. In 8.2 try this
access-list pnat1 permit ip host 192.168.x.x any
access-list pnat2 permit ip host 192.168.x.x any
no static (dmz,inside) 11x.x.xx.ccc 192.168.x.x netmask 255.255.255.255 dns
static (dmz,inside) 11.x.x.x access-list pnat1
static (dmz,inside) 192.168.x.x access-list pnat2
Let me know how it goes.
Mike
01-30-2011 08:07 AM
Hi,
If you are running version below 8.3 you can do it. In 8.2 try this
access-list pnat1 permit ip host 192.168.x.x any
access-list pnat2 permit ip host 192.168.x.x any
no static (dmz,inside) 11x.x.xx.ccc 192.168.x.x netmask 255.255.255.255 dns
static (dmz,inside) 11.x.x.x access-list pnat1
static (dmz,inside) 192.168.x.x access-list pnat2
Let me know how it goes.
Mike
01-30-2011 08:55 AM
HI, Thanks Mike, it works
but I had to make it
access-list pnat3 permit ip host 192.168.x.x host 11.x.x.x
static (dmz,inside) 11.x.x.x access-list pnat3
and I didn't need the other static, once dns doctoring removed private address access works and with policy NATing public address access also works
any comments
regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide