01-23-2014 02:00 AM - edited 03-11-2019 08:34 PM
Hi,
I have been asked to set up a rule from internal users on the LAN on port 443 to use public IP ***** and to route back into the LAN. I'm aware this is called hairpinning, when traffic comes back on itself.
Is this done as a static NAT entry on my ASA? I don't want to affect any of my internal users getting out to the internet.
I have attached a screen grab of the ASDM I was using to do this. Is this the correct way of doing it? Obviously, put the public IP address as the destination address.
Thanks
James.
01-23-2014 02:57 AM
Hi,
You would probably have to configure Dynamic PAT for the source addresses and Static PAT for the destination host (if you want the NAT to apply for a certain destination port to this public IP address).
First thing you would need is to make sure that you have the command that enables traffic to enter and leave through the same interface:
same-security-traffic permit intra-interface
You can view this with the command
show run same-security-traffic
Then you would need the actual NAT configuration.
It would be something like this:
object-group network LAN-TO-PUBLIC-SOURCE
 description Source networks for Hairpin NAT
 network-object 10.10.10.0 255.255.255.0
object network HAIRPIN-PUBLIC
 host 1.1.1.1
object network HAIRPIN-LOCAL
 host 10.10.10.100
object service HTTPS
 service tcp destination eq 443
nat (inside,inside) source dynamic LAN-TO-PUBLIC-SOURCE interface destination static HAIRPIN-PUBLIC HAIRPIN-LOCAL service HTTPS HTTPS
Naturally the "object" / "object-group" names and IP addresses will probably be different in your configuration.
The above configuration should essentially look for traffic sourced from the addresses/networks specified under "LAN-TO-PUBLIC-SOURCE" that is destined to "HAIRPIN-PUBLIC" on port "HTTPS", and then translate the source to "interface" (inside) and untranslate the destination to "HAIRPIN-LOCAL".
The aim of the destination address translation is obvious, but you will have to configure source address translation as well; otherwise the ASA won't see all the traffic and will simply drop the connection before it forms completely.
Naturally, if you have doubts we could look at your current configuration.
Hope this helps
Let me know how it goes.
- Jouni
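For readers following this thread, here is the complete hairpin NAT configuration from Jouni's answer assembled in one place, followed by the ASA commands used to verify that the rule is installed and actually matches a client connection. This is an added example, not part of the original thread; it reuses the thread's sample values (interface "inside", LAN 10.10.10.0/24, public IP 1.1.1.1, internal server 10.10.10.100), while the client address 10.10.10.50 and source port 12345 used in packet-tracer are constructed for the test.

```text
! Added example (not from the original thread). Object names, addresses and
! the interface name are the sample values used in Jouni's answer; adjust
! them to your own configuration.
same-security-traffic permit intra-interface
!
object-group network LAN-TO-PUBLIC-SOURCE
 description Source networks for Hairpin NAT
 network-object 10.10.10.0 255.255.255.0
object network HAIRPIN-PUBLIC
 host 1.1.1.1
object network HAIRPIN-LOCAL
 host 10.10.10.100
object service HTTPS
 service tcp destination eq 443
!
! Manual (twice) NAT: source PAT to the inside interface address so the
! server's reply returns via the ASA, destination untranslated to the server.
nat (inside,inside) source dynamic LAN-TO-PUBLIC-SOURCE interface destination static HAIRPIN-PUBLIC HAIRPIN-LOCAL service HTTPS HTTPS
!
! --- Verification (privileged EXEC) ---
! 1. The rule should appear here; its translate_hits counter should increase
!    after a client test.
show nat detail
!
! 2. Simulate an inside client (constructed address 10.10.10.50) connecting
!    to the public IP on TCP/443. The NAT phase of the output should reference
!    the rule above with the destination untranslated to 10.10.10.100.
packet-tracer input inside tcp 10.10.10.50 12345 1.1.1.1 443
!
! 3. While a real client session is open, the active translations are listed here.
show xlate
```

If packet-tracer reports a drop in the NAT or flow-lookup phase, the first things to check are that `same-security-traffic permit intra-interface` is present and that no earlier manual NAT rule for the same interface pair matches the traffic first.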
01-23-2014 06:38 AM
Thanks for this, works well.
James.