
Port forwarding with a single public IP address on a 5512-X

wickid
Level 1

Hello everyone,

I'm fairly new to Cisco firewalls and was able to pick up an ASA 5512-X not too long ago. Trying to build things out on my home network so that I can better learn about Cisco technologies.

I have a single public IP address which my Outside interface is grabbing via DHCP from my ISP. I've created a few different port forwarding rules using static NAT with different services for each source network object. When I specify the services, it doesn't allow me to do any type of DNS hairpinning. While the port forwarding does appear to work from the outside, if I try and access any of these resources while on my LAN, the ASA appears to be blocking the traffic.

My friend and former co-worker mentioned something while we worked together in the past that firewalls do not like it when you come from the inside, then send traffic outside and it tries to come back on the same interface; however, without the ability to do hairpinning in my current state I am not sure if I can create any ACLs that would allow this.

If anyone could provide any insight or advice on how to allow the devices on the local LAN to still get access to these resources while using DNS which seems to want to go out and come back in I would greatly appreciate it.
