ASA 5510 - can't access own Public IPs

ctusa2003am
Level 1

Hi,

Having a problem accessing servers/web which are using our own (given by our ISP), but are outside the network.

The company is behind an ASA 5510 using E0/2 with Public IP 69.24.x.x (given by our ISP). Inside (E0/1) is 192.168.1.1 (also the default gateway for the company). We do have a router (2901) which connects to the ISP switch and gives us all the Public IPs.

The problem is when I am accessing a website which is in the DMZ: I cannot access it from inside our LAN using the public IP. If I try from home/remote, I CAN access it via the Public IP. (Will work on DNS etc. afterwards.)

What am I missing?

Thanks,

Ashok

Philip D'Ath
VIP Alumni

Use object NAT and your problem will go away.  Something like:

object network server
  nat (DMZ,any) static 69.24.x.x

Hi Philip,

Thank you for taking the time. Just one quick point. I do not have any 'DMZ' per se. Just E0/2 physically connected to an Ethernet switch, to which this server/webserver in question (using the public 69.24.x.x IP) is connected. That switch connects to the router interface, giving us the IPs. Does this change the statements I have to put in?

Thanks,

Ashok

If you are just NATing from the outside to the inside then you are stuck.  You have two solutions:

  1. Create internal DNS entries to match the external DNS names but pointing to the internal IP addresses.
  2. Create a DMZ, and move the servers into it, and use the NAT approach.

Well the point is well taken on the DNS standpoint, but I am just trying to access via IP only.

What would I have to do to access these Public IPs outside, while we are going out through the interface which has the same Public network IP?

Thanks

If you use a DMZ, you can either use a public IP address block on it directly if you own one that can be routed (nicest solution), or a private IP address block and then NAT that to both the outside and inside interfaces (like the example I gave you).

Thanks again. I followed your suggestions. Created all the NATs in the 2nd ASA. Have a route between them (i.e. 1.0 main and 4.0 'DMZ'). Then on my Domain Controller DNS, I created zones and records, and now everyone can access those sites via www.dns names.

Hope this is an acceptable way of doing this.

Thanks,

Ashok
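
The object NAT approach suggested in the replies above, written out as a fuller ASA configuration in 8.3+ syntax. This is an added example and not part of the original thread: the DMZ interface (Ethernet0/3), the 192.168.4.0/24 addressing, the server address 192.168.4.10, the interface name `outside`, and the object and ACL names are all assumptions, and 69.24.x.x is the thread's masked public IP.

```cisco
! Assumed DMZ interface and addressing (not taken from the thread).
interface Ethernet0/3
 nameif DMZ
 security-level 50
 ip address 192.168.4.1 255.255.255.0
 no shutdown
!
! The object holds the server's real (private) address. The static NAT maps it
! to the public IP. Using "any" as the mapped interface means the translation
! applies to traffic arriving on inside as well as on outside, so LAN clients
! can reach the server by its public address.
object network WEB-SERVER
 host 192.168.4.10
 nat (DMZ,any) static 69.24.x.x
!
! In 8.3+ the inbound ACL references the real address (the object),
! not the public IP. Permit only the service that must be exposed.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq www
access-group OUTSIDE-IN in interface outside
!
! Check the path from a LAN host before testing with a browser
! (192.168.1.50 is a constructed sample client address):
! packet-tracer input inside tcp 192.168.1.50 12345 69.24.x.x 80
```

In the packet-tracer output, the UN-NAT phase should show the public address being translated back to the server's real address with the DMZ as egress interface.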
