Unable to access internal servers using public IP address or DNS(Global) from inside

S.ashok S
Level 1

Hi,

I have the below configuration in Cisco ASA.

object-group service Spark tcp-udp
 port-object eq 5222

access-list ISP-1_access_in extended permit ip any object Spark-192.168.18.27 object-group Spark

object network Spark-192.168.18.27
 nat (inside,ISP-1) static <Public IP> service tcp 5222 5222

We configured port forwarding; the server is in the internal network, and we have created DNS records in GoDaddy with the related public IP address.

We are able to access the same server on the allowed port number from outside with the public IP or with the name, but we are unable to access the same server from the inside network using the public IP address or DNS name.

If it is one-to-one static NAT, we are able to access the server even from inside by public IP or name, but not for port-forwarding servers.

Does anybody have a solution for this? Kindly help.

Thanks and regards,

Ashok 

2 Replies

Seb Rupik
VIP Alumni

Hi Ashok,

The following example and solution cover what you are experiencing:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html#topic3

cheers,

Seb.

Hi, thank you for your reply.

In object NAT, we are unable to add the dns and service keywords at the same time.

As this NAT is for a port-forwarding server, we have to add the service keyword.

We are using ASA version 9.4.2.

Thanks and regards,

Ashok
