Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4542
Views
20
Helpful
3
Replies

Hairpin NAT ASA5506-X version 9.8

Go to solution
Yura Kazakevich
Level 1
Level 1

‎12-01-2018 12:33 AM - edited ‎02-21-2020 08:31 AM

Hellow everyone!

 

I'm trying to configure Hairpin NAT on my ASA5506X (version 9.8.2.20) in order to allow internal users connect to internal servers through their Public IP address 82.52.222.122 (fake).

I used this scenario on my old Cisco PIX515E (version 8.0.4.28) without any problems, but I cannot make it work on ASA.

Could somebody help please?ASA5506_hairpin.jpg

 

 

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Yura Kazakevich
Level 1
Level 1
In response to Abheesh Kumar

‎12-01-2018 10:21 AM

Yeah! It's working!

Here is correct code:

nat (inside,inside) 28 source static inside-network interface destination static 82.52.222.122 192.168.3.99 service any http8000 description Hairpin

 

GUI:

ASA5506_hairpin_gui.jpg

View solution in original post

3 Replies 3

Go to solution
Abheesh Kumar
VIP Alumni
VIP Alumni

‎12-01-2018 02:01 AM - edited ‎12-01-2018 02:02 AM

Hi,
Create a nat rule to allow traffic from inside to inside as below.
nant (inside, inside) 28 source static 192.168.3.90 interface destination static 82.52.222.122 192.168.3.99 service http8000

HTH
Abheesh

Go to solution
Yura Kazakevich
Level 1
Level 1
In response to Abheesh Kumar

‎12-01-2018 10:21 AM

Yeah! It's working!

Here is correct code:

nat (inside,inside) 28 source static inside-network interface destination static 82.52.222.122 192.168.3.99 service any http8000 description Hairpin

 

GUI:

ASA5506_hairpin_gui.jpg

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-01-2018 05:47 AM

adding to other post, if you like to know how the process  happens  in ASA  code, here is the document for reference :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/firewall/asa-98-firewall-config/nat-reference.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card