Solved: Re: How to translate this

cisconoobie · ‎03-27-2007

I have a webserver that is on my inside network. I created a NAT that translates a public Ip to inside Ip and it works great.

The only problme I have is that I cannot access from inside the Public IP of the internal webserver. How do I setup this reverse translation?

acomiskey · ‎03-27-2007

There are 2 good options here

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#

If you are using an external dns server, the first option will work well, dns doctoring. The second option is hairpinning, which will allow the traffic to enter and exit the inside interface with a static nat.

View solution in original post

acomiskey · ‎03-27-2007

There are a few solutions for this but depends on what code you're running, is this pix or asa?

You can edit the HOST file on your machine to point to inside address. You can do dns doctoring if using an external dns server. You can do hairpinning if you are running code 7.

cisconoobie · ‎03-27-2007

Asa version 7.2

cisconoobie · ‎03-27-2007

Asa version 7.2

acomiskey · ‎03-27-2007

There are 2 good options here

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#

If you are using an external dns server, the first option will work well, dns doctoring. The second option is hairpinning, which will allow the traffic to enter and exit the inside interface with a static nat.

abinjola · ‎03-27-2007

ok use these commands :-

same-security-traffic permit intra interface

static (inside,inside)

cl xlate

cl loc

norriscr1 · ‎03-27-2007

!!! Just be careful running the "cl xlate" command in a production environment. That could really impact your current traffic and cause the phones to ring.

abinjola · ‎03-27-2007

were the commands helpful..?

acomiskey · ‎03-27-2007

glad I could help!