We just upgraded our ASA 5520 from 8.2 to 8.4(2) and I am just now getting familiar with the new config. We have an inside, outside, and DMZ interface. There is a web server in the DMZ with IP 10.6.129.5. I would like to NAT this address to a public internet IP that we own, so that users coming in from the outside can hit it. Let's say that the public IP on the outside is 172.16.129.5. I would also like my Inside users on the private LAN who are trying to hit 172.16.129.5 to accomplish the same thing as users coming from the Outside. So is this a supported config?
object network obj-10.6.129.5
 host 10.6.129.5
object network obj-10.6.129.5-01
 host 10.6.129.5
object network obj-10.6.129.5
 nat (dmz,outside) static 172.16.129.5
object network obj-10.6.129.5-01
 nat (dmz,inside) static 172.16.129.5
access-list acl-outside extended permit tcp any host 10.6.129.5 eq 80
access-list acl-inside extended permit tcp any host 10.6.129.5 eq 80
When I entered the config into the ASA, it took the commands and everything works as desired. But I remember from the PIX world that NATing the same address to two different interfaces on the firewall causes intermittent problems. I would just like to know if what I am doing here on the ASA 8.4(2) is a supported config. Thanks.
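An offline audit of the configuration in the post above, added here as an example and not part of the original post or any Cisco tooling: it groups object NAT static rules by real host, lists hosts translated toward more than one interface, and flags ACL entries that name a mapped address (ASA 8.3 and later match ACLs against the real address). The function names are hypothetical and the sample is the post's own config lines.

```python
import re
from collections import defaultdict

# Constructed sample: the object NAT and ACL lines from the post above.
SAMPLE_CONFIG = """\
object network obj-10.6.129.5
 host 10.6.129.5
object network obj-10.6.129.5-01
 host 10.6.129.5
object network obj-10.6.129.5
 nat (dmz,outside) static 172.16.129.5
object network obj-10.6.129.5-01
 nat (dmz,inside) static 172.16.129.5
access-list acl-outside extended permit tcp any host 10.6.129.5 eq 80
access-list acl-inside extended permit tcp any host 10.6.129.5 eq 80
"""

NAT_RE = re.compile(r"nat \(([^,]+),([^)]+)\) static (\S+)")
ACL_HOST_RE = re.compile(r"access-list (\S+) .* host (\S+)")

def parse_static_nat(config):
    """Return {real_ip: [(real_if, mapped_if, mapped_ip), ...]} for host objects."""
    hosts, rules, current = {}, defaultdict(list), None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"]:
            current = words[-1]                 # enter object sub-mode
        elif current and words[:1] == ["host"]:
            hosts[current] = words[1]           # real address of the object
        elif current and (m := NAT_RE.match(line.strip())):
            rules[current].append(m.groups())   # object NAT rule
        else:
            current = None                      # any other line leaves sub-mode
    by_real = defaultdict(list)
    for name, entries in rules.items():
        if name in hosts:
            by_real[hosts[name]].extend(entries)
    return dict(by_real)

def shared_real_hosts(config):
    """Real hosts that are statically translated toward more than one interface."""
    return {ip: e for ip, e in parse_static_nat(config).items()
            if len({mapped_if for _, mapped_if, _ in e}) > 1}

def acls_using_mapped_ip(config):
    """ACL entries whose 'host' operand is a mapped address instead of a real one."""
    mapped = {m for e in parse_static_nat(config).values() for _, _, m in e}
    return [(acl, ip) for acl, ip in ACL_HOST_RE.findall(config) if ip in mapped]
```

For the post's config, `shared_real_hosts` returns 10.6.129.5 with both the (dmz,outside) and (dmz,inside) rules, and `acls_using_mapped_ip` returns an empty list because both ACLs already name the real address.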