10-03-2013 02:03 AM - edited 03-11-2019 07:46 PM
Hi.
I have an ASA 5510.
I have an Exchange OWA server that gets all traffic from 1 IP on 1 interface (and then firewall allows only HTTPS).
I need this OWA server to be able to access its own hosted website from its external address, which right now it can't.
So say from the server I go to https://external.domain.com/exchange
This times out.
It works OK from other computers that do not have the ASA as their default gateway, so the server is working and ports are forwarding correctly.
I ticked "DNS rewrite" on the static NAT rule but it is still not working.
Any ideas?
Thanks
10-03-2013 02:10 AM
Hi,
I am not quite sure why the server needs to contact itself through the public IP address? Why won't it just use the local IP address, or I wonder if the 127.0.0.1 loopback would work also?
Naturally you can configure a NAT configuration to enable this to work (or try at least), but for that I would need to know the current software version of the ASA or see the NAT configurations currently on the firewall.
- Jouni
10-03-2013 02:15 AM
I don't know either, I'm also trying to follow up on that too!!
Cisco Adaptive Security Appliance Software Version 8.2(4)
Device Manager Version 6.2(1)
There's no real complex NAT stuff going on, the box is not the default gateway of most devices here, it just does NAT for some web servers and hosts a few VPNs.
10-03-2013 02:23 AM
Hi,
So it seems that you have software that still uses the older NAT format since you are running 8.2 (big change from 8.3 onwards).
I am kind of wondering if this will work, since usually people are asking for a solution to a similar case, but there the requirement is that the internal hosts can contact the server using the public IP address.
If I were to presume the following starting information for these configurations
Then the current configuration (part of it) might be this
global (outside) 1 interface
nat (inside) 1 192.168.10.0 255.255.255.0
static (inside,outside) 1.1.1.1 192.168.10.10 netmask 255.255.255.255
I would then probably try to add the following
global (inside) 1 interface
static (inside,inside) 1.1.1.1 192.168.10.10 netmask 255.255.255.255
And make sure the following setting is enabled on the ASA
same-security-traffic permit intra-interface
- Jouni
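As an added example (not from the thread or from Cisco), this small Python check reads an ASA 8.2-style configuration and reports which of the three hairpin pieces from the answer above are missing. The function name `hairpin_gaps` and the sample configuration are constructed for illustration, and only the plain one-to-one `static` form shown in the answer is parsed.

```python
import re

# Constructed sample: the answer's assumed 8.2 configuration plus its proposed additions.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 192.168.10.0 255.255.255.0
static (inside,outside) 1.1.1.1 192.168.10.10 netmask 255.255.255.255
global (inside) 1 interface
static (inside,inside) 1.1.1.1 192.168.10.10 netmask 255.255.255.255
same-security-traffic permit intra-interface
"""

GLOBAL_RE = re.compile(r"^global \(([^)\s]+)\) (\d+) ")
NAT_RE = re.compile(r"^nat \(([^)\s]+)\) (\d+) ")
# Plain one-to-one static only; port-forward statics (tcp/udp) are not handled here.
STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+)")


def hairpin_gaps(config, iface, mapped_ip, real_ip):
    """Return the missing hairpin pieces for `iface`; an empty list means all are present."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    nat_ids, global_ids, statics = set(), set(), set()
    for line in lines:
        m = NAT_RE.match(line)
        if m and m.group(1) == iface:
            nat_ids.add(m.group(2))
        m = GLOBAL_RE.match(line)
        if m and m.group(1) == iface:
            global_ids.add(m.group(2))
        m = STATIC_RE.match(line)
        if m:
            statics.add(m.groups())
    gaps = []
    # Traffic must be allowed to enter and leave the same interface.
    if "same-security-traffic permit intra-interface" not in lines:
        gaps.append("same-security-traffic permit intra-interface")
    # The public address must be translated for connections arriving on `iface`.
    if (iface, iface, mapped_ip, real_ip) not in statics:
        gaps.append(f"static ({iface},{iface}) {mapped_ip} {real_ip}")
    # A global pool on `iface` must share an id with a nat rule on `iface`.
    if not (nat_ids & global_ids):
        gaps.append(f"global ({iface}) <nat-id> matching a nat ({iface}) rule")
    return gaps


if __name__ == "__main__":
    print(hairpin_gaps(SAMPLE_CONFIG, "inside", "1.1.1.1", "192.168.10.10") or "all present")
```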
10-03-2013 03:50 AM
I am not sure if there is a requirement for this, as Exchange is working.
In fact I am not going to bother even trying, because I have been told we are updating Exchange in the next few weeks.
Thanks for your help though! :-)