06-25-2008 01:57 PM - edited 03-11-2019 06:05 AM
I have a 515E running 7.2(2) with two interfaces. This firewall is the default gateway for all internal systems. I have an inside host with a static translation... ACL allows access to this host from the Internet. What I need, if possible, is to have *internal* clients access the host using its public address.
^scratches head^
Thanks for your help!
Regards,
JD
06-25-2008 02:17 PM
You may want to look into hairpinning with static NAT; take a look at this link, midway down.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Rgds
-Jorge
06-25-2008 06:19 PM
Hairpinning provides the necessary access. Thanks for your prompt response, Jorge!
-JD
06-25-2008 06:47 PM
Jonathan, glad it worked and thank you for the rating.
Rgds
-Jorge
06-25-2008 08:21 PM
Hi,
I am not sure if it would work, but can you set up a static translation from the internal interface to the internal interface and map the internal IP address to the IP? I tried to enter the command on a production ASA running v7 code and it didn't complain that I was doing a NAT on the same interface. I haven't tested if it works though.
If that doesn't work, my suggestion would be to set up the server on a separate VLAN from the rest of your internal network and change the internal interface to use trunking; that way you should be able to set up NATs from the 'internal' interface and from the 'external' interface with the same IP address to the 'server' interface, and not have to use any other interfaces.
That is assuming that you are not using the external IP address of the PIX for the static translation. If you are using the external interface IP for the translation, I am not sure if it will work.
Anyone else with suggestions?
06-25-2008 08:26 PM
I appreciate your response.
I followed the hairpinning configuration sample in the link that Jorge supplied and it worked exactly as needed.
All clients, Internet and internal, access the host with the public (NAT) address. I verified with traceroute and by simply looking in the PIX's log.
-JD
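
The hairpinning setup discussed in this thread, sketched as an added example; it is not taken from the posts above or copied from the linked Cisco document. All addresses (192.168.1.0/24 inside, server 192.168.1.10, public 203.0.113.10), the ACL name `outside_in`, the permitted port and the outbound PAT lines are constructed assumptions for a PIX 7.2 with `inside` and `outside` interfaces.

```cisco
! --- Assumed existing configuration (constructed values) ---
! Public-to-private static translation for the inside host
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
! Inbound ACL permitting Internet access to the public address (port is an assumption)
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
! Ordinary outbound PAT for internal clients (assumed)
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! --- Hairpinning additions ---
! Allow traffic to enter and leave the same interface
same-security-traffic permit intra-interface
! Translate the public address back to the server for traffic arriving on inside
static (inside,inside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
! PAT internal clients to the firewall's inside address on hairpinned flows,
! so the server replies through the firewall rather than directly to the client
global (inside) 1 interface
```

With the inside PAT in place the server sees every internal client as the firewall's inside address, so per-client attribution for hairpinned connections has to come from the firewall's logs rather than the server's. `show xlate` and `show conn` on the firewall confirm that internal connections to the public address are being translated as intended.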