03-28-2012 06:32 AM - edited 03-11-2019 03:47 PM
Hi,
Wondering if on the ASA (8.4) it's possible to do something like what DNS rewrite does, but with IP requests. Scenario: Mobile phone accesses a web app inside our network fine over cellular. Once it comes inside onto wifi it still has the public IP address cached, so the ASA doesn't allow its request to loop around and the app appears broken. We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OSes that don't have a strict adherence to name resolution standards. A lot just seem to refresh their caches every 10-15 minutes.
03-28-2012 06:38 AM
Hi,
Is the resource in the same private IP range behind the ASA as the mobile phone when it's using Wifi?
Or is the web server on some DMZ segment of the ASA?
03-28-2012 06:45 AM
They are on different VLANS behind the firewall.
03-28-2012 06:59 AM
Hi,
Are those Vlans trunked to the ASA? Is every Vlan its own interface on the ASA, I mean?
I guess you have a static NAT for the web server towards outside but the mobile devices keep connecting to the public IP address even after the Mobile -> Wifi change?
03-28-2012 07:05 AM
The ASA has its own VLAN connected to our switch that handles all the VLAN routing internally. Default route goes back out to the ASA.
We do have a static NAT set up, and you are correct about the behaviour of the mobile device when it changes to WiFi.