08-21-2012 09:17 AM - edited 03-11-2019 04:44 PM
I have a requirement to access one of our outside interface IP addresses from inside the network.
The scenario is we have teleworker devices that we provision in house before sending out. These devices cannot use a hostname but must be programmed with the IP. I would like to able to confirm these devices are working before shipping them out.
I've been attempting some kind of loopback/hair pinning NAT rules but haven't managed to get one working yet.
Any help would be greatly appreciated.
Device: ASA 5510 v8.4
08-21-2012 09:03 PM
Hi Bro
There's no provision for interface loopback in Cisco ASA. What you can do is set an IP address, subnet mask and default gateway on those teleworker devices, place them on the INSIDE nameif of the Cisco ASA, and try to access devices on the OUTSIDE nameif of the Cisco ASA. You can ping the OUTSIDE IP address from INSIDE, provided you have the management-access outside command, but this is messy.
P/S: If you think this comment is useful, please do rate them nicely :-)
08-22-2012 07:35 AM
I don't think I explained it very well.
The device the teleworkers need access to is on the inside. But I don't want to programme the teleworkers with the internal IP as that obviously won't work when they are shipped out.
209.x.x.157 is static NAT'd to 10.1.11.9
I need for the teleworkers to be able to reach 209.x.x.157 from the inside rather than having to use 10.1.11.9.
Hopefully that better explains it.
08-22-2012 11:25 AM
If that's the case, you'll need to enable Cisco DNS Doctoring in your Cisco FW. You could refer to this Cisco URL as a guide http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
P/S: If you think this comment is useful, please do rate it nicely :-)
08-22-2012 04:16 PM
As I understand it, DNS doctoring simply hijacks the DNS request and replaces the external IP with the internal. I don't see how that is going to help considering there are no DNS requests taking place.
If I could programme the teleworker devices with a hostname I would just run split DNS and call it a day. Unfortunately I cannot.
As much as I dislike SonicWALL devices, a loopback NAT rule is a 15 second task on them. In fact most are auto generated.
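A hairpin (NAT reflection) configuration for ASA 8.4 that does what the original poster describes, added here as an illustration and not taken from the thread or from Cisco's documentation. It assumes the internal server 10.1.11.9 from the thread, uses 203.0.113.157 (RFC 5737 test range) as a placeholder for the redacted public address 209.x.x.157, and assumes a hypothetical staging subnet 10.1.20.0/24 where the teleworker devices sit during provisioning.

```cisco
! Permit traffic to enter and leave the same interface (required for hairpinning)
same-security-traffic permit intra-interface

! Internal server that the public address is statically NATed to (from the thread)
object network obj-internal-server
 host 10.1.11.9

! Placeholder for the redacted public address 209.x.x.157
object network obj-public-ip
 host 203.0.113.157

! Hypothetical staging subnet holding the teleworker devices before shipping
object network obj-staging-net
 subnet 10.1.20.0 255.255.255.0

! Twice NAT, inside-to-inside: when a staging host sends to the public IP,
! rewrite the destination to the real server and PAT the source to the inside
! interface address so the server's reply comes back through the ASA rather
! than going directly to the staging host and breaking the session.
nat (inside,inside) source dynamic obj-staging-net interface destination static obj-public-ip obj-internal-server
```

Scoping the source to the staging subnet instead of `any` keeps the reflected rule from being usable by every inside host; `show nat` and `packet-tracer input inside tcp 10.1.20.5 12345 203.0.113.157 443` confirm the translation is matched.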