Cisco One to One NAT on ASA 5516

martin.tam@innovix.com.hk · ‎08-30-2019

Hi All

I want to setup the one to one NAT on my ASA which can access our web server from internet. Currentlly, the internet user can access our "web server" by our real ip.

However, internal user unable to access "Web Server" over real ip. So how can i setup the ASA for internal user can access our webserver using real ip? Thanks

Scenario:

1. user access out web server over internet. (Done)

2. Internal user access web server by real ip. (Not work)

Thanks

balaji.bandi · ‎08-31-2019

2. Internal user access web server by real ip. (Not work)

Quick fix for this problem is, point your local DNS to Server real IP address for LAN users.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

martin.tam@innovix.com.hk · ‎08-31-2019

Thanks. But we not have any local dns on our office. So can i configure the policy or NAT on our ASA?

###

object network Web_IP
host 20.0.0.2
object network WEB_80
host 10.0.0.100

object network WEB_80
nat (any,outside) static Web_IP service tcp www www

access-list outside_access_in extended permit tcp any object WEB

###

I tried to setup firewall policy even inside but didn't work. Thanks

bhargavdesai · ‎09-03-2019

If you are using public DNS then you can use the "dns" key (DNS Doctoring) at the end of the nat statement. Or you can create a NAT statement that change the destination to your local web server.

The below link explain the whole concept and how it works.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/72273-dns-doctoring-3zones.html

Bhaggu.

bhargavdesai · ‎09-04-2019

Does your problem solved or need more help in this?

If your query is answered please Mark the solution so that others can benefit from it and I am motivated to contribute to the community.

Bhaggu.

martin.tam@innovix.com.hk · ‎09-08-2019

Sorry for late. i will check later. Many thanks for your help.