08-30-2017 10:03 AM - edited 02-21-2020 06:15 AM
Hi friends,
I'm having a strange problem... I'm using one of my public IP addresses for a static NAT rule to access a PC in a subnet of my LAN. From the internet I have full access to that PC through the public IP address, so far so good. The problem is that I can't reach that same public IP address from my LAN, and I need to, since I'm connected to a different subnet from the PC I need to reach and have no access through the LAN.
Can anybody help me, please? Thanks in advance.
BR.
08-30-2017 10:23 AM
This is not actually a problem, if I understood correctly.
You have a firewall with an outside interface and a static NAT. This NAT allows you to reach a server on the inside interface.
Then, for some reason, when connected to another inside interface, you want to reach the same server using the public IP.
This is basically a design issue. If you are on the inside network, even though it is a different ASA interface, why not use the real server IP address? You just need to permit this traffic on the ASA.
08-30-2017 11:53 AM - edited 08-30-2017 03:09 PM
The server and my PC are on different ASA interfaces and, besides, in different subnets. The server's IP address is 10.227.224.11, connected to the CARRIER interface, and my PC has IP address 192.168.199.29 and is connected to the INSIDE_Prueba interface. How can I permit this traffic on my ASA? I already tried this:
access-list nonat extended permit ip 192.168.199.0 255.255.255.0 10.227.224.0 255.255.252.0
and it didn't work. Besides, is there any way I can ping the public IP address from my LAN?
Thanks.