Hi there im hoping someone can help with this as it is probably something simple!
I have a ASA with 3 interfaces configured, inside, dmz and outside.
I have a NAT to translate a public IP from the outside interface to the dmz interface, this is for a website and is working fine
If I attempt to access the public IP from a client pointed at the internal interface I get an error in my syslog: : : Deny IP spoof from (116.212.X.X) "this is the external interface IP of my firewall to 116.212.X.Y (this is the public IP routed to my firewall) on interface outside_int
I would normally access sites like this via Split DNS - so our internal clients would just go directly to the internal IP address. However with this website there is some code on it that needs to be accessed via its public IP, so split DNS does not work here.
Any ideas on what might be causing this?
ASA Version 8.4(4)
!
hostname ABN-FW1-ASA-5510
no names
!
interface Ethernet0/0
description INSIDE
nameif inside_int
security-level 100
ip address 192.X.X.X 255.255.255.0
!
interface Ethernet0/1
description OUTSIDE
speed 100
duplex full
nameif outside_int
security-level 0
ip address 116.212.53.X 255.255.255.252
!
interface Ethernet0/2
description DMZ
duplex full
nameif dmz_int
security-level 50
ip address 172.30.X.X 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Obj_116.212.23.X
host 172.30.X.X
access-list OUTSIDE extended permit tcp any object Obj_116.212.193.11 eq https
access-list OUTSIDE extended permit tcp any object Obj_116.212.193.11 eq www
object network OBJ_INTERNAL_NETWORKS
nat (inside_int,outside_int) dynamic interface
object network Obj_116.212.23.X
nat (dmz_int,outside_int) static 116.212.23.X
access-group OUTSIDE in interface outside_int
route outside_int 0.0.0.0 0.0.0.0 116.212.53.X 1
Any help with this would be great, i can provide more config if required.
