03-22-2015 01:15 PM - edited 03-11-2019 10:40 PM
Hello. I'm having trouble configuring a loopback policy. I need to be able to reach an internal server (email) using its public IP. The NAT rule that I currently have in place allows access to said server from the outside with no issue. However, when I attempt to connect to this public IP from the inside I receive no response (page cannot be displayed). I've run multiple "packet traces" and they come back with no error. What am I missing? I have also enabled "enable traffic between two or more interfaces with the same security level" and "enable traffic between two or more hosts connected to the same interface". Thanks for your time.
03-22-2015 03:52 PM
The issue you are facing is most likely a DNS issue. Is your DNS server located on the same subnet as the inside network or are you using a public DNS server? If you are using a public DNS server or if your DNS server is located off a different interface than your inside network then you need to add the key word dns to the end of the NAT statement you have created for accessing the server from the internet. If the DNS server is located on the same subnet as the inside network, you will need to create a NAT statement that translates the public address to the private address on the inside network:
same-security-traffic permit intra-interface
object network LAN
 subnet 10.10.10.0 255.255.255.0
object network SERVER_PRIVATE
 host 10.10.10.10
object network SERVER_PUBLIC
 host 62.62.62.62
nat (inside,inside) source static LAN LAN destination static SERVER_PUBLIC SERVER_PRIVATE
--
Please remember to select a correct answer and rate helpful posts
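The other branch of the answer above (DNS server reached through a different interface), as an added example that is not part of the original post. It assumes the existing inbound rule is an object NAT on SERVER_PRIVATE toward an interface named outside; the client address 10.10.10.50 and SMTP port 25 are constructed for the checks.

```cisco
! Added example (constructed, not from the thread). Reuses the thread's objects
! SERVER_PRIVATE (10.10.10.10) and SERVER_PUBLIC (62.62.62.62).
!
! Assumed form of the existing inbound rule, with the dns keyword appended.
! With it, the ASA rewrites the A record in DNS replies that cross the firewall
! from 62.62.62.62 to 10.10.10.10, so inside clients connect to the private
! address directly and no hairpin through the ASA is needed.
object network SERVER_PRIVATE
 host 10.10.10.10
 nat (inside,outside) static SERVER_PUBLIC dns
!
! The rewrite is performed by DNS inspection, which is part of the default
! global policy; confirm that "inspect dns" is still present.
show running-config policy-map
!
! Checks from exec mode. The first command simulates an inside client
! (assumed 10.10.10.50) connecting to the public address on SMTP (assumed
! port 25) and shows which NAT rule, if any, un-translates the destination.
packet-tracer input inside tcp 10.10.10.50 12345 62.62.62.62 25
show nat detail
show xlate
```

The dns keyword only helps clients that connect by name and whose DNS replies pass through the ASA; a client that connects to 62.62.62.62 by literal IP still depends on the (inside,inside) rule.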