Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
1
Replies

Hairpinning - Yet another question

Alex Hamilton
Level 1
Level 1

‎10-17-2016 05:51 PM - edited ‎03-12-2019 01:24 AM

Device: ASA 5505

Having read through almost everything I can find, it appears the solution for accessing a server via a public IP from a client on the same interface/subnet as the server is to use hairpinning and the "nat (internal,internal)..." NAT entry. 

The entry starts with defining both the internal and external address of the server in question. 

For example: 

object network WebServer_Private

host 192.168.10.5

!

object network WebServer_Public

host 72.xxx.xxx.23

Then using those statements in the NAT entry. 

What do you do if your external IP address is dynamic and not static? I have yet to find a way to do hairpinning without a static IP address being known to create the configuration. 

Why is there no option to do the follwing: 

object network WebServer_Public

host interface-outside

Can anyone shed some light on this? I'm absolutely stuck... 

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎10-17-2016 10:08 PM

Hi Alex,

If the IP address is dynamic I only see an option of using DDNS on the ASA:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_ddns.html#wp1189610

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card