11-09-2015 07:02 PM - edited 03-11-2019 11:51 PM
Hello,
I have always wondered how to do this for years. Say I have an email server with a private IP 10.10.10.10 that is NATed to a public IP 50.244.244.241.
How do you allow hosts on the 10.10.10.x network to talk to the 50.244.244.241 IP address instead of having to use the private?
I know this is possible with other firewall manufacturers. I am wondering how to do this on the Cisco ASA line.
11-09-2015 08:31 PM
Hi William,
This shall address your query:
https://supportforums.cisco.com/document/145401/dns-doctoring-and-u-turning-asa-when-and-how-use-it
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
11-09-2015 09:09 PM
Hi William,
It is possible with ASA as well. You could use u-turning or DNS doctoring:
https://supportforums.cisco.com/document/145401/dns-doctoring-and-u-turning-asa-when-and-how-use-it
For u-turning:
If you are working with version 8.2, then try something like:
static (inside,inside) 50.244.244.241 10.10.10.10
same-security-traffic permit intra-interface
If you are running version 8.3 or above, try something like:
Create an object for your email real IP, an object for the email mapped IP, and an object for the 10.10.10.x subnet.
nat (inside,inside) source dynamic object-10.10.10.x object-10.10.10.x destination static object-50.244.244.241 obj-10.10.10.10
same-security-traffic permit intra-interface
Regards,
Akshay Rastogi
Remember to mark answer as correct if it answers your query or rate the helpful posts.
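The 8.3+ steps from the answer above, written out as a complete configuration with a verification step; this is an added example, not part of the original posts. It assumes a /24 mask for 10.10.10.x and, unlike the answer's nat line, translates the client source to the inside interface address so that the server's replies return through the ASA. The client address 10.10.10.50 and TCP port 25 in the check are constructed.

```cisco
! Real (private) address of the email server
object network obj-10.10.10.10
 host 10.10.10.10
! Mapped (public) address that inside clients will connect to
object network object-50.244.244.241
 host 50.244.244.241
! Inside client subnet (assumed /24)
object network object-10.10.10.x
 subnet 10.10.10.0 255.255.255.0
!
! Twice NAT for the U-turn:
!   destination 50.244.244.241 -> 10.10.10.10
!   source 10.10.10.x -> inside interface address (PAT), so the server
!   answers the ASA instead of replying directly to the client
nat (inside,inside) source dynamic object-10.10.10.x interface destination static object-50.244.244.241 obj-10.10.10.10
!
! Allow traffic to enter and leave the same interface
same-security-traffic permit intra-interface
!
! Verification from the ASA CLI (constructed client 10.10.10.50, SMTP):
!   packet-tracer input inside tcp 10.10.10.50 12345 50.244.244.241 25
!   show nat detail
!   show xlate
```

In the packet-tracer output, the UN-NAT phase should show 50.244.244.241 being untranslated to 10.10.10.10 and the final result should be "allow" with inside as both input and output interface. Because the source is PATed, the mail server's logs will show the ASA inside address for these sessions rather than the individual client addresses.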