Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
0
Helpful
4
Replies

How can I get LAN users to use "outside" IP's of ASA

whiteford
Level 1
Level 1

‎06-11-2008 12:23 AM - edited ‎02-21-2020 02:03 AM

Hi,

We have an ASA 5520 fireall with 20 public IP's which NAT'd to various web servers on the DMZ.

The thing is the internal LAN users can access them by typing in the internal IP of the server, but is it possible to treat the servers like an external company so if they type the public IP of FQDNS then it will be resolved?

Thanks

0 Helpful
4 Replies 4

noran01
Level 3
Level 3

‎06-11-2008 04:56 AM

The easiest way to do this is if you are running your own internal DNS that forwards outbound. Just add FQDN records pointing to you internal ips. When an internal user types hosta.domain.com it would resolve to the internal ip and route accordingly.

This would only work if you had internal DNS, but also had an external DNS server hosting your public resources.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎06-11-2008 05:56 AM

It's easy, refer to the following link.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html

Hope that helps.

0 Helpful

acomiskey
Level 10
Level 10
In response to Collin Clark

‎06-11-2008 07:12 AM

static (dmz,inside) netmask 255.255.255.255

0 Helpful

whiteford
Level 1
Level 1
In response to acomiskey

‎06-11-2008 07:14 AM

Is this a NAT from internal to external IP?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card