NAT question with sw 9.1

Johan Olsson
Level 1

Hi, this is probably a simple NAT question, but I can't find an answer.

From my inside interface with security level 100, I can access servers on the dmz interface with security level 50.

But if I publish a server on the dmz interface to the outside, I can no longer connect to it from inside.

I publish the server with the command:

object network server-name
host 10.50.50.10 (ex ip to server)

object network server-name
nat (any,any) static 216.22.34.46 (ex public ip)

I have an ACL on the outside interface (in) that allows traffic to the server. It all works well from the outside internet --> to the server on the dmz. But I do not have access from an inside host to the server.

I assume it has to do with the NAT command?

I'm using an ASA 5512-X with sw 9.1

Accepted Solutions

narawat
Level 1

Hi Johan,

You are using "nat (any,any)". Don't use that, as you know that the server you are publishing is on the dmz and you are publishing it for traffic from the outside interface.

Use this instead

object network server-name
host 10.50.50.10 (ex ip to server)

object network server-name
nat (dmz,outside) static 216.22.34.46 (ex public ip)

Try this; I am sure this will make it work for both inside users as well as outside users.

Cheers,

Naveen

Thanks Naveen, it works
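
An offline check for the pattern discussed in this thread, as an added example that is not part of the original posts: it parses ASA object NAT lines and flags static rules whose interface pair contains `any`, the form the accepted answer replaces with an explicit `(dmz,outside)` pair. The sample configuration is constructed; the object name `server-name-fixed` and all function names are assumptions.

```python
import re

# Constructed sample: the question's rule, plus the answer's rule under a
# second, made-up object name so both forms appear in one config.
SAMPLE_CONFIG = """\
object network server-name
 host 10.50.50.10
 nat (any,any) static 216.22.34.46
object network server-name-fixed
 host 10.50.50.10
 nat (dmz,outside) static 216.22.34.46
"""

# nat (real_ifc,mapped_ifc) static mapped_ip; trailing text is ignored.
NAT_RE = re.compile(
    r"^nat\s*\((?P<real>[^,()\s]+),(?P<mapped>[^,()\s]+)\)\s+static\s+(?P<ip>\S+)"
)

def parse_object_nat(config):
    """Return one dict per static object NAT line, with the object's host."""
    hosts, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            current = line.split()[2]      # same object may be opened twice
        elif current and line.startswith("host "):
            hosts[current] = line.split()[1]
        elif current and (m := NAT_RE.match(line)):
            rules.append({"object": current, **m.groupdict()})
        elif line and not raw[0].isspace():
            current = None                 # another top-level command
    for rule in rules:
        rule["host"] = hosts.get(rule["object"])
    return rules

def audit(config):
    """Flag rules where either interface of the pair is 'any'."""
    return [r for r in parse_object_nat(config)
            if "any" in (r["real"], r["mapped"])]

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['object']}: nat ({f['real']},{f['mapped']}) static {f['ip']} "
              f"publishes {f['host']} on every interface pair; name the "
              f"real and mapped interfaces explicitly")
```

The parser also accepts the unindented, twice-declared object form used in the posts above, including their trailing annotations.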