08-14-2014 06:32 AM - edited 03-11-2019 09:38 PM
Hi Experts..
I have users sitting on the inside who are trying to access a DMZ server by its outside (public) IP (X.X.X.191), which is a static NAT, but they are unable to reach the server. I have allowed same-security permit traffic inter- and intra-interface. I have also disabled spoofing. Still unable to reach it. Please help me out.
object network obj-ANY
 nat (inside,outside) dynamic interface
object network obj-ftp-server
 nat (dmz,outside) static X.X.X.191
08-15-2014 07:13 AM
Thanks Karsten for your help. I will be coordinating with my seniors on this, and will look for a workaround to make communication work through the outside NAT IP. If you can help me with this, that would be highly appreciated.
Also, could you tell me why I cannot reach the outside NAT IP from the inside, and why the ASA is denying it? What could be the reason? Actually, I need to justify this to my seniors.
08-15-2014 07:28 AM
> Also, could you tell me why I cannot reach the outside NAT IP from the inside, and why the ASA is denying it? What could be the reason? Actually, I need to justify this to my seniors.
It's the way the ASA works internally. Generalized: when the ASA sees the public IP, it decides to route the packet to the outside interface. And then it's too late for a new decision that the destination is actually on a different interface. The workaround is to NAT on the destination because that decision is made earlier. But that's not the right way to use the ASA.
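One way to express the destination-NAT workaround described in the reply above, as an added example that is not part of the original thread. It assumes ASA 8.3 or later (matching the object NAT syntax in the question); the object names, `<DMZ-SERVER-REAL-IP>` and `<INSIDE-HOST-IP>` are placeholders, since the thread does not give the server's real address.

```cisco
! Added example, not from the thread. Replace the placeholders before use.
! Public address the inside users type (from the question).
object network obj-ftp-server-public
 host X.X.X.191
! Real DMZ address of the server (placeholder, not given in the thread).
object network obj-ftp-server-real
 host <DMZ-SERVER-REAL-IP>
! Twice NAT: source stays unchanged, destination X.X.X.191 is translated
! to the real DMZ address for traffic arriving on inside, so the egress
! interface is resolved as dmz instead of outside.
nat (inside,dmz) source static any any destination static obj-ftp-server-public obj-ftp-server-real
! Verify: the UN-NAT phase should show the destination rewritten to the
! real address and the output interface as dmz.
packet-tracer input inside tcp <INSIDE-HOST-IP> 1025 X.X.X.191 21
```

Any access list applied to the inside interface must permit the traffic to the server's real DMZ address, because ASA 8.3 and later evaluate ACLs against real (untranslated) addresses.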
08-15-2014 08:17 AM
Thanks Karsten, I have started searching for a config example for this workaround. I would be very grateful if you could share one.
08-22-2014 09:35 AM
Hi.. I did try to explore NAT configuration for this problem but could not get it working. Please help me out by sharing a config for this.