NAT and or DNS Problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2011 11:53 PM - edited 03-11-2019 01:44 PM
Hello
Got a case here where users are befind a firewall, the firewall have for short inside,outside and dmz interfaces. Users access a website that is localted on the dmz network. However, the webserver have an external ip adress that is nated into the dmz adress, Users are accessing the external ip adress and the external dns.
I´ll guess we have to do some NAT U turn in order to make this work, the flow is like this. inside -> outside -> dmz -> inside
//Johan
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2011 12:12 AM
Hi Johan,
Are the users also on the DMZ network and trying to access the server in the DMZ? Then you will need u turning. Here is how you do that:
static (dmz,dmz)
same-security-traffic intra interface
But if the users are on the inside interface and trying to access the server in DMZ, you don't need u-turning.
Hope this helps!
Regards,
Anu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2011 12:19 AM
Hello Anu
Sorry forgot to mention that, all users are on the inside interfance, I also should mention that its only the guest network that has these problems, our regular user networks can access the webserver without any problems at all. There might be a nat in the firewall for those but at this time iam not sure.
//Johan

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2011 12:59 AM
Hi Johan,
What version of ASA are you using? Could you post the output of "sh run" here? Please specify the public and private IP address of the server in DMZ.
Regards,
Anu
