12-20-2012 01:07 PM - edited 03-11-2019 05:39 PM
Hello,
I need some help, please.
I configured the ASA to access a web site (through its public IP) that is published to the DMZ subnet from inside.
Example:
inside user host - 10.205.10.100
ASA interfaces
inside - 10.205.10.1
dmz host - 192.168.200.20
outside published host address - 1.1.1.20
outside pat interface - 1.1.1.1
From inside host 10.205.10.100 I open 1.1.1.20 and the connection times out.
Dec 20 2012 20:31:59: %ASA-6-305011: Built dynamic TCP translation from inside:10.205.10.100/14468 to outside:1.1.1.1/48234
Dec 20 2012 20:31:59: %ASA-6-302013: Built outbound TCP connection 92 for outside:1.1.1.20/23 (1.1.1.20/80) to dmz:192.168.200.20/14468 (1.1.1.1/48234)
Is it possible? Or do I need to perform this through DNS to access the private address of the published host?
12-20-2012 01:20 PM
Hi,
You have a separate public IP address for the server?
Is that Web server reached by some name at the moment from the Internet?
Are you using a DNS server on the Internet for your LAN users?
If all of the above are true, you should be able to configure the NAT on the ASA so that you can reach the Web server from your LAN the same way you would reach it from the Internet.
The logs you posted don't seem to be related to the actual Web server connections, or if they are, there are some pretty weird NAT configurations going on.
Also, if you have only made the Web server's NAT between DMZ and OUTSIDE, it will not apply to connections coming from the LAN. In other words, in that case you can't use the public IP address to connect to the Web server from the LAN.
Can you answer the above questions and perhaps provide some current configurations from the ASA to go through the situation?
- Jouni
12-20-2012 02:17 PM
nat (dmz,any) source static obj-192.168.200.20 obj-1.1.1.20
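The one-line rule in the reply above, expanded into a complete ASA 8.3+ fragment with a verification step. This is an added example, not part of the original thread: the object definitions are assumed from the object names and the addresses in the question, and the ACL name INSIDE_IN and source port 12345 are hypothetical.

```cisco
! --- configuration mode ---
! Network objects referenced by the NAT rule. The thread uses these names
! but never shows their definitions, so the host values are assumed.
object network obj-192.168.200.20
 host 192.168.200.20
object network obj-1.1.1.20
 host 1.1.1.20
!
! Manual (twice) NAT from the reply. With "any" as the mapped interface the
! DMZ host answers as 1.1.1.20 on every interface, inside included. A rule
! written as (dmz,outside) would translate only for Internet-side traffic.
nat (dmz,any) source static obj-192.168.200.20 obj-1.1.1.20
!
! On 8.3 and later, interface ACLs match the real (untranslated) address.
! If an ACL is applied inbound on inside, it has to permit the DMZ address,
! not 1.1.1.20. INSIDE_IN is a hypothetical ACL name:
! access-list INSIDE_IN extended permit tcp host 10.205.10.100 host 192.168.200.20 eq www
!
! --- privileged EXEC mode ---
! Simulate the failing flow from the question and inspect the NAT decision.
packet-tracer input inside tcp 10.205.10.100 12345 1.1.1.20 80
! Confirm the rule is installed and whether it is being hit.
show nat detail
show xlate
```

In the packet-tracer result, the UN-NAT phase should untranslate 1.1.1.20/80 to 192.168.200.20/80 and select dmz as the egress interface. Because `any` publishes the mapping on all interfaces, check that no other interface is meant to reach 1.1.1.20 differently.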
12-21-2012 12:27 PM
Thank you, it worked. I first tried to accomplish this using only the inside interface, that is, user and host on the same subnet, with the user referring to the host by public IP, but without success. When the host is on the DMZ subnet it worked.