
How do I go about accomplishing this?

david.tran
Level 4

I don't have an ASA to test this at the moment, so I have to ask.

I have a Checkpoint firewall with only two interfaces, internal and external. The internal interface has an IP address of 192.168.1.254/24. The external interface has an IP address of 1.1.1.254/24. On the internal-facing side, I have two Linux hosts, linux1 (192.168.1.1/24) and linux2 (192.168.1.2). Both of the Linux hosts have static NAT to public IP addresses as follows:

linux1 192.168.1.1 static NAT to 1.1.1.1

linux2 192.168.1.2 static NAT to 1.1.1.2

Now here is my issue:

Host linux1 must be able to communicate with host linux2 using the public IP address. In other words, host linux1 must be able to telnet to host linux2's public IP address of 1.1.1.2. In other words, from host linux1, I must be able to "telnet 1.1.1.2" and see a login prompt.

On the Checkpoint firewall, I can easily accomplish this by hiding the source IP address of 192.168.1.1/24 to the firewall interface of 1.1.1.254 and then translating the destination of 1.1.1.2 to 192.168.1.2. Very easy and it works.

How do I go about doing this with the ASA WITHOUT using DNS server (i.e. implementing alias)?

Thanks in advance

6 Replies

Julio Carvajal
VIP Alumni

You are looking for the U-turning configuration setup.

If DNS doctoring is out of the picture, that's your only option.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
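
A sketch of the U-turn (hairpin) setup the reply refers to, using the addresses from the question. This is an added example, not configuration posted by anyone in the thread. It assumes ASA software 8.3 or later NAT syntax, an internal interface with nameif `inside` holding 192.168.1.254, and object names that are made up for illustration.

```cisco
! Added example. Assumptions: ASA 8.3+ syntax, nameif "inside",
! hypothetical object names. Addresses are the ones in the question.
!
! Allow a packet to enter and leave the same interface (the U-turn).
same-security-traffic permit intra-interface
!
object network INSIDE_NET
 subnet 192.168.1.0 255.255.255.0
object network LINUX2_REAL
 host 192.168.1.2
object network LINUX2_PUBLIC
 host 1.1.1.2
!
! Twice NAT on inside -> inside:
!   source:      hide 192.168.1.0/24 behind the ASA inside interface address
!   destination: translate 1.1.1.2 to the real host 192.168.1.2
! The source hide is what forces linux2 to reply through the firewall
! instead of answering linux1 directly on the LAN, which would break the
! TCP session. Unlike the Check Point rule in the question, the hide
! address here is the inside interface (192.168.1.254), not 1.1.1.254.
nat (inside,inside) source dynamic INSIDE_NET interface destination static LINUX2_PUBLIC LINUX2_REAL
!
! Manual (twice) NAT rules are evaluated before object NAT, so this rule
! takes effect ahead of the existing per-host static translations.
! If an inbound ACL is applied on "inside", it must permit the flow to the
! real address 192.168.1.2 on the required port (tcp/23 for the telnet test).
```

To check the result without a live client, `packet-tracer input inside tcp 192.168.1.1 1025 1.1.1.2 23` should show both the destination un-translate to 192.168.1.2 and the source translate to the inside interface address.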