06-12-2011 11:53 PM - edited 03-11-2019 01:44 PM
Hello
Got a case here where users are befind a firewall, the firewall have for short inside,outside and dmz interfaces. Users access a website that is localted on the dmz network. However, the webserver have an external ip adress that is nated into the dmz adress, Users are accessing the external ip adress and the external dns.
I´ll guess we have to do some NAT U turn in order to make this work, the flow is like this. inside -> outside -> dmz -> inside
//Johan
06-13-2011 12:12 AM
Hi Johan,
Are the users also on the DMZ network and trying to access the server in the DMZ? Then you will need u turning. Here is how you do that:
static (dmz,dmz)
same-security-traffic intra interface
But if the users are on the inside interface and trying to access the server in DMZ, you don't need u-turning.
Hope this helps!
Regards,
Anu
06-13-2011 12:19 AM
Hello Anu
Sorry forgot to mention that, all users are on the inside interfance, I also should mention that its only the guest network that has these problems, our regular user networks can access the webserver without any problems at all. There might be a nat in the firewall for those but at this time iam not sure.
//Johan
06-13-2011 12:59 AM
Hi Johan,
What version of ASA are you using? Could you post the output of "sh run" here? Please specify the public and private IP address of the server in DMZ.
Regards,
Anu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide