Having issue with connecting to device (NVR) on same inside interface using external IP address - Hairpin - Loopback Routing
I'm trying to configure an ASA 5506 (ver. 9.8.1) to allow a device on the inside interface (smartphone connected to local network via wi-fi) to access an NVR (network video recorder) that is also on the same inside interface, however, I would like to accomplish this by using the outside interface address.
Currently I have NAT & ACL setup to allow a user that is off-site (over the internet) to connect to the NVR using the outside IP address that is nat'd to the inside address of the NVR; it is working great. My problem is when a user is on-site and connected to the wi-fi, the smartphone app (configured with the outside IP address) will not connect to the NVR on the same inside interface using the outside IP address.
Side note: The current NAT (inside, outside) rule is configured to use TCP port 8000 (port 8000 is an example, actual port is different).
Also, I have enabled same-security-traffic permit intra-interface as well as same-security-traffic permit inter-interface.
When the user is connected to the inside network via local wi-fi, and I insert theinternalIP address of the NVR into the smartphone app, it obviously works. Simple enough, however, my customer does not understand networks and they expect to be able to open the smartphone app and pull up the cameras whether they are connected to the local wi-fi, or when they are halfway around the world on business. I could setup two connections in the smartphone app (local cameras & remote cameras), but I need it to pull up the cameras using only theoutsideIP address regardless of whether the user is connected to the inside interface orthey are connecting from the outside world thru the outside interface.
I have successfully set this up in the past on a Cisco ASA 5505 using nat (inside, inside) and it worked great. I've also heard of this being referred to as hairpin or loopback routing.
Can someone give me a configuration example of how to make this work? Thanks in advance!
IntroductionComponentsIBM MaaS360 ConfigurationISE ConfigurationOnboard and validating access from Windows ClientEnrolling Windows 10 against IBM MaaS 360
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protectio...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,...