NAT and U-turn traffic

jagdev.dhaliwal
Level 1

  Hello All,

I have a situation: I published a web service over the Internet. It's working fine for Internet users. Now I want the internal users to access the same application using the public IP. It does not work for internal users.

Internal User +Web Server (same Vlan)----------- ASA -------- Internet Router

       

ASA Version 8.2(5)

For Internet access

nat (Inside) 1 0.0.0.0 0.0.0.0
global (Outside) 1 interface

WEB Server NAT

static (Inside,Outside) <Public IP Y.Y.Y.Y>  <Private IP X.X.X.X> netmask 255.255.255.255

ACL
access-list OUTSIDE extended permit tcp any host <Public IP Y.Y.Y.Y> eq https

U-Turn traffic

same-security-traffic permit intra-interface

      

Can you please suggest what the issue is: ARP, source NAT, or anything else?

Thanks

Jagdev

1 Accepted Solution


Jagdev,

global (inside) should NAT the traffic only if the destination is on the inside interface, so you don't need to create a policy destination NAT; however, it is possible:

access-list NAT permit ip any host Private_IP

nat (inside) 2 access-list NAT

global (inside) 2 interface

Regards,

Felipe.
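
Why source NAT on the inside interface matters for U-turn traffic, as an added example that is not part of the original thread: a simplified Python model (not ASA code) that follows one request and its reply. The addresses and the `hairpin` function are constructed for illustration and stand in for the post's X.X.X.X and Y.Y.Y.Y.

```python
# Simplified packet-flow model of the U-turn case; this is not ASA code.
# All addresses are constructed stand-ins for the post's X.X.X.X / Y.Y.Y.Y.
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("10.0.0.0/24")   # client and server share this VLAN
ASA_INSIDE = ip_address("10.0.0.1")      # firewall's inside interface
CLIENT = ip_address("10.0.0.10")         # internal user
SERVER = ip_address("10.0.0.20")         # private IP (X.X.X.X)
PUBLIC = ip_address("203.0.113.10")      # public IP (Y.Y.Y.Y)


def hairpin(dst_nat_on_inside, src_nat_on_inside):
    """Follow one request/reply; return (outcome, reply source the client sees).

    dst_nat_on_inside: firewall maps PUBLIC -> SERVER for packets that
                       arrive on the inside interface.
    src_nat_on_inside: firewall rewrites the source to its own inside address
                       when the real destination is SERVER (the policy-NAT
                       idea in the accepted answer).
    """
    # PUBLIC is off-subnet for the client, so the request goes to the gateway.
    src, dst = CLIENT, PUBLIC
    if not dst_nat_on_inside:
        return ("no_translation", None)  # nothing maps PUBLIC on this interface
    dst = SERVER
    if src_nat_on_inside and dst == SERVER:
        src = ASA_INSIDE

    # The server answers whichever source address it saw.
    reply_src, reply_dst = SERVER, src
    if reply_dst == ASA_INSIDE:
        # Reply returns through the firewall, which reverses both translations.
        reply_src, reply_dst = PUBLIC, CLIENT
    # Otherwise reply_dst is the client on the same VLAN (in INSIDE_NET):
    # the server delivers directly and the firewall never sees the reply.
    assert reply_dst == CLIENT and reply_dst in INSIDE_NET

    # The client only accepts a reply from the address it contacted.
    outcome = "connected" if reply_src == PUBLIC else "reply_rejected_by_client"
    return (outcome, reply_src)


if __name__ == "__main__":
    for dnat, snat in [(False, False), (True, False), (True, True)]:
        print(f"dst_nat={dnat!s:5} src_nat={snat!s:5} ->", hairpin(dnat, snat))
```

With destination translation alone, the server's reply bypasses the firewall and arrives from the private address, so the client discards it; adding the source translation forces the reply back through the firewall.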
