cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
268
Views
10
Helpful
2
Replies

ASA 5520 9.0(4) NAT FROM INSIDE TO DMZ using Public IP

bellaichef
Beginner
Beginner

Hi,

I have an ASA 5520 on FW 9.0(4).

I have on it 3 subnets : 

  • inside (10.1.1.0/24)
  • outside (1.1.1.2/28, webserver Public ip 1.1.1.3)
  • DMZ (20.1.1.0, webserver DMZ ip 20.1.1.10)

Clients on the inside are able to access internet without any issue

Webserver located on the DMZ is accessed without any issue if request come from the outside using its public ip.

But we can't access Webserver from the inside using its public IP. (I don't want to do nat 0)

On FW previous 8.4  this command would have solved my problem : 

static (DMZ,inside) 1.1.1.3 20.1.1.10

I did not found how to reproduce the same behaviour on post 8.4 FW

Many thanks by advance for any help.

Franck

1 Accepted Solution

Accepted Solutions

manabans
Cisco Employee
Cisco Employee

The requirement can be achieved using the following configuration.
WebServer Private IP: 20.1.1.10 | WebServer Public IP: 1.1.1.3

!
object network obj-1.1.1.3
host 1.1.1.3
object network obj-20.1.1.10
host 20.1.1.10
!
nat (inside,DMZ) source dynamic any interface destination static obj-1.1.1.3 obj-20.1.1.10
!  

 

View solution in original post

2 Replies 2

manabans
Cisco Employee
Cisco Employee

The requirement can be achieved using the following configuration.
WebServer Private IP: 20.1.1.10 | WebServer Public IP: 1.1.1.3

!
object network obj-1.1.1.3
host 1.1.1.3
object network obj-20.1.1.10
host 20.1.1.10
!
nat (inside,DMZ) source dynamic any interface destination static obj-1.1.1.3 obj-20.1.1.10
!  

 

bellaichef
Beginner
Beginner

Thanks it worked as a charm. Why did they make such a simple thing, something barely understandable.?!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers