Re: ASA 5580 can't reach my own public ip address from LAN

gasparmenendez · ‎08-30-2017

Hi friends,

I'm having a strange problem... I'm using one of my public ip addresses for a static NAT rule to access a PC in subnet of my LAN. From internet I have full access to that PC through public ip address, so far so good. The problem is that I can't reach that same public ip address from my LAN and I need to, since I'm connected to a different subnet from the PC I need to reach and have no access through LAN.

Can anybody help me please?? Thanks in advance.

BR.

Flavio Miranda · ‎08-30-2017

This is not actually a problem if I understood well.

You have a firewall with an outside interface and a static NAT. This NAT allows you to reach a server on the Inside interface.

Then, for some reason, you, when connected to on another inside interface wants to reach the same server using public IP.

This is basically a desing issue. If you are on the inside network even though it is a different ASA interface, why dont use the real server IP address ? You just need to permit this traffic on ASA.

gasparmenendez · ‎08-30-2017

the server and my PC are in different ASA interface and besides in different subnet. The server's ip address is 10.227.224.11 connected to CARRIER interface and my PC has ip address 192.168.199.29 and is connected to INSIDE_Prueba interface. How can I permit this traffic on my ASA?? I already tried this:

access-list nonat extended permit ip 192.168.199.0 255.255.255.0 10.227.224.0 255.255.252.0

and didn't work. Besides, is there anyway I can ping the public ip address from my LAN???

Thanks.