05-31-2012 04:57 AM - edited 03-11-2019 04:13 PM
Hello all,
I'm having a weird issue with an ASA 5520 (Ver. 8.2) of a customer. The scenario is as follows:
There is a subnet (on a subinterface) "Guest" which basically is allowed unlimited access to the internet. Traffic is source NATed through the ASA to the outside interface. This works fine.
There is on the "inside" interface a server which can be accessed from the outside via a public IP address. On the ASA this is implemented as a static NAT entry. This also works fine.
Now the customer wants to access the server on the inside from a client of the "Guest" interface using the public (NATed) IP address. Reason for this is, they have an application with hard programmed IP address inside and want to run some life tests. However, this kind of traffic seems not to be passing through the ASA.
What I have tried so far:
- examined, if a hairpin scenario could be applied here, but it seems not, as I have traffic traveling between interfaces not out and in to the same interface.
- enabled the option "enable traffic between two or more interfaces which are configured with same security levels" and also "enable traffic between two or more hosts connected to the same interface"
- when I use the real addresses of the host, it works, so it shouldn't be an issue with the firewall rules
So currently, I'm a little stuck here, can someone think of a reason why I cannot use the public NAT address from any of the other interfaces?
Thanks in advance!
05-31-2012 05:02 AM
Hi,
You would need the following configuration:
static (inside,guest) <public ip> <real ip>
and also allow the host in the access-list that you have applied on the guest interface, since you are going from lower security to higher security.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-31-2012 07:30 AM
Thanks, however, to be sure with the IPs:
05-31-2012 08:39 AM
Hi,
Public IP would be the free public IP to which the inside server is already NATed; real IP is the IP of the server on the inside.
Thanks,
Varun Rao
Security Team,
Cisco TAC
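The configuration discussed in this thread, written out for ASA 8.2 (pre-8.3 NAT syntax) as an added example that is not from any of the posters. All addresses, the ACL name GUEST_IN, the interface name "guest" and the TCP port are constructed assumptions; substitute the values from the running configuration.

```cisco
! Constructed example values (assumptions, not from the thread):
!   203.0.113.10   public (mapped) address of the server
!   192.168.10.10  real address of the server on "inside"
!   10.20.0.0/24   Guest subnet, interface nameif assumed to be "guest"
!   GUEST_IN       hypothetical name of the ACL applied inbound on "guest"

! Translation that already serves clients coming from the outside
static (inside,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

! Second translation for the same server, this time toward the guest
! interface, so guest clients can use the same public address
static (inside,guest) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

! Before 8.3 an interface ACL is matched against the mapped (public)
! address, not the real one. Permit only the service the application
! needs (tcp/443 assumed) instead of all IP from the guest subnet.
! New entries are appended, so make sure no earlier deny matches first.
access-list GUEST_IN extended permit tcp 10.20.0.0 255.255.255.0 host 203.0.113.10 eq 443
access-group GUEST_IN in interface guest

! Verification: simulate a guest client and inspect the translation table
packet-tracer input guest tcp 10.20.0.50 40000 203.0.113.10 443
show xlate
```

In the packet-tracer output, the UN-NAT and ACCESS-LIST phases show whether the new static and the ACL entry are the ones being hit.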