Re: Cannot Access Public IP Server from Inside

iniguschannel · ‎07-01-2023

So, I have local server grafana that being nat to public ip, it can be accessed if I access from external network. Here I want to access my public grafana server from inside/internal network. Here is the example we say :

Local server grafana ip 192.168.10.70
Public ip that being nat to grafana local 201.10.10.100

here's the config:

object network IP_Local_Grafana
host 192.168.10.70

object network Local-IP_Grafana
host 192.168.10.70
object network Public-IP_Grafana
host 201.10.10.100

object network Local-IP_Grafana
nat (inside,outside) static Public-IP_Grafana

object network IP_Local_Grafana
nat (inside,inside) static Public-IP_Grafana

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object icmp echo-reply
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq 3000

access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object Local-IP_Grafana

I still cannot access my grafana's public ip, what's wrong? Please someone help I really appreciate.

MHM Cisco World · ‎07-01-2023

iniguschannel · ‎07-01-2023

Yes sir, from that pic LAN cannot access Public's ip server. I want to local network can access to public ip that being nat into my local grafana server. Is there no solution?

MHM Cisco World · ‎07-01-2023

change the NAT from objec to manual nat
object network Local-IP_Grafana
nat (inside,outside) static Public-IP_Grafana <<- remove this

object network IP_Local_Grafana
nat (inside,inside) static Public-IP_Grafana <<0 remove this

add this
nat(INSIDE,OUTSIDE) .....
nat(INSIDE, INSIDE).....

iniguschannel · ‎07-01-2023

Oke sir I will try and inform if solved thank you

Flavio Miranda · ‎07-01-2023

Hi

Why you want to access to the public or NATted IP address? Why not on the real ip address? Is there a reason?

iniguschannel · ‎07-01-2023

Because that Public IP resolved to my domain and I want to access through my domain sir. Is there any solution sir?

Flavio Miranda · ‎07-01-2023

Do you have internal DNS or is it external?

iniguschannel · ‎07-01-2023

Yes I have Internal DNS sir

Flavio Miranda · ‎07-01-2023

Have you considered create an entry for the graphana server resolving internally and then use "no-nat" feature when the traffic were from inside to graphana interface?

object network inside
host x.x.x.x
object network IP_Local_Grafana
host 192.168.10.70
nat (inside,IP_Local_Grafana) source static inside inside destination static IP_Local_Grafana IP_Local_Grafana

iniguschannel · ‎07-02-2023

Isn't this config wrong sir?
ASA(config-network-object)# nat (inside,Local-IP_Grafana) source ?
ERROR: % Unrecognized command

Current available interface(s):
any Global address space
inside Name of interface Ethernet1/2
management Name of interface Management1/1
outside Name of interface Ethernet1/1

paul driver · ‎07-01-2023

Hello

object network internal_real
network 192.168.10.0

object network internal_public
host 201.10.10.101

object network external_public
host 201.10.10.100

object network external_internal
host 192.168.10.70

nat (inside,outside) source static internal_real internal_public destination static external_internal external_public

access-list OUT-IN extended permit ip host 201.10.10.100 host any
access-group OUT-IN in interface outside

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul