Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3393
Views
4
Helpful
3
Replies

Cisco ASA: How can I access the translated public IP from the inside?

ryabutler
Level 1
Level 1

‎12-19-2008 10:14 AM - edited ‎03-11-2019 07:27 AM

Hello everyone, I have encountered this problem many times with the Cisco ASA and want to know how I can fix this this.

Here is the issue ...

We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.

From the outside when you put in X.X.X.X in your web browser it works.

Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.

Using a Linksys router works! But with a Cisco ASA it does not work! If I use the private IP it works of coarse.

Is there something I need to configure on the Cisco ASA to fix this where if I use the Public IP internally it will still work? Any sample configuration?

Thanks in advanced!

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎12-19-2008 10:43 AM

You could try and do the following:-

1) Allow intra-interface traffic

2) Create an inside to inside static nat translation.

HTH>

0 Helpful

Mo'ath Al Rawashdeh
Level 1
Level 1

‎12-22-2008 12:35 AM

Hi,

You can place the webserver in its own DMZ.

In this case, all users who try to connect (from inside and outside) will use its public IP address.

regards,

JORGE RODRIGUEZ
Level 10
Level 10
In response to Mo'ath Al Rawashdeh

‎12-24-2008 11:26 AM

Rashida,

Andrew prety much told you how to do it, and in addition to previous poster.

We have a Cisco ASA and on the inside network we have a web server (192.168.1.10) translating to Pubic IP X.X.X.X.

From the outside when you put in X.X.X.X in your web browser it works.

Well if I am on the inside of the network and put in that Pubic IP of X.X.X.X it doesn't work.

Simply do this in the firewall , HAIRPINING , given that your inside interface if_name argument is called inside

same-security-traffic permit intra-interface

static (inside,inside) < X.X.X.X > netmask <32_bit_mask>

if u happen to place your webserver in a DMZ environment and want from inside to access webserver localted

in DMZ via public IP address

you will need

same-security-traffic permit intra-interface

static (DMZ,inside) < X.X.X.X > netmask <32_bit_mask>

From withing DMZ host to access webserver via public IP , provided you have an inbound acl for your

outside interface allowing access to X.X.X.X on port 80

same-security-traffic permit intra-interface

static (DMZ,DMZ) < X.X.X.X > netmask <32_bit_mask>

Regards

PLS rate helpful posts if it helps

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card