Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
221
Views
0
Helpful
1
Replies

ASA 5510 - traffic from LAN to LAN (via public IP) is denied

infocis13
Level 1
Level 1

‎03-03-2014 07:11 AM - edited ‎03-11-2019 08:52 PM

Hello,

On my network, I have an ASA 5510 with this configuration :

                    WWW

                         |

                         |

                    ISP Bridge

                         |

                         |

          (outside Interface : 129.*.*.*)

               ASA 5510

          (inside interface : 192.168.1.1)

                         |

                         |

               Local Network

      (192.168.1.5 to 192.168.1.200)

There is a rule to redirect access from the outside on port 80 to a specific host in my LAN.

When I try to access this specific host with the public IP (for instance : http://129.*.*.* ) from the outside : no problem.

But when I try to access from the inside network the same host with the public IP (for instance : http://129.*.*.* ) : the ASA recognize that this is the IP of his "outside interface", redirect this traffic to the LAN but deny the connection...

Erro Level 3 :





192.168.1.122

50708129.*.*.*80TCP access denied by ACL from 192.168.1.122/50708 to Inside:129.*.*.*/80


Is there any solution to solve this problem?

Thank you.

Labels:
0 Helpful
1 Reply 1

mvsheik123
Level 7
Level 7

‎03-03-2014 02:12 PM

Hi,

You need to configure DNS doctoring. Check the below link..

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html

hth

MS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card