Cannot access DMZ server from inside with public IP address

Zamilnewbie
Level 1

Hi everyone,

On the ASA I configured 4 interfaces.

Inside1 - 172.16.2.0/24 security level 100

Inside2 - 172.16.3.0/24 security level 100

Dmz - 10.10.10.0 security level 50

Outside - 100.100.100.2/29 security level 0

 

In inside2 I have a host with IP 172.16.3.2/24 and in the DMZ I have a server 10.10.10.100/24. Everything is NATted to outside and there is a static NAT to the DMZ server on port 23 from outside. Everything is OK. The problem is that I'm not able to connect to the DMZ server with the public IP (telnet 100.100.100.2 23) from inside2 host 172.16.3.2/24. I tried to configure no-nat but with no success; packet tracer shows a drop with a no route error. Any help appreciated.

Accepted Solutions

Deepak Kumar
VIP Alumni

Hi,

You need NAT hairpin to get this solution. I am sharing a configuration which will help you:

 

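! A network object holds a single subnet (a second "subnet" line replaces the first),
! so the two inside subnets are grouped in an object-group
object-group network Inside-all
 network-object 172.16.2.0 255.255.255.0
 network-object 172.16.3.0 255.255.255.0
!
! Real (private) address of the DMZ server
object network obj-Server-Hairpin
 host 10.10.10.100
!
! Public address that inside hosts use to reach the server
object network obj-100.100.100.2
 host 100.100.100.2
!
! Twice NAT: destination 100.100.100.2 is translated to 10.10.10.100,
! source is translated to the DMZ interface address
nat (inside,DMZ) source static Inside-all interface destination static obj-100.100.100.2 obj-Server-Hairpin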

 

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Thanks for your answer. Why should I create an object for the WAN IP? I used interface and it did not work, but with the IP it worked. What about a dynamic WAN IP? What should I do?

Hi,

Really I never tried with a dynamic IP address. 

 

Regards,

Deepak Kumar


Does anyone else have an idea about dynamic WAN IP hairpin?
