04-03-2016 11:54 PM - edited 03-10-2019 12:37 AM
Hi,
I have the below configuration on a Cisco ASA.
object-group service Spark tcp-udp
 port-object eq 5222
access-list ISP-1_access_in extended permit ip any object Spark-192.168.18.27 object-group Spark
object network Spark-192.168.18.27
 nat (inside,ISP-1) static <Public IP> service tcp 5222 5222
We configured port forwarding; the server is in the internal network, and we have created DNS records in GoDaddy with the related public IP address.
We are able to access the server on the allowed port number from outside using the public IP or the name, but we are unable to access the same server from the inside network using the public IP address or DNS name.
With one-to-one static NAT, we are able to access the server even from inside by public IP or name, but not for port-forwarded servers.
If anybody has a solution for this, kindly help.
Thanks and regards,
Ashok
04-04-2016 08:40 AM
Hi Ashok,
The following example and solution covers what you are experiencing:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html#topic3
cheers,
Seb.
04-04-2016 10:28 PM
Hi, Thank you for your reply.
In object NAT, we are unable to add the dns and service keywords at the same time.
As this NAT is for a port-forwarded server, we have to add the service keyword.
We are using ASA version 9.4.2.
Thanks and regards,
Ashok