
NAT external IP to internal IP when connected to the internal network.

FloFlex
Level 1

Hello,

 

We have on our internal network a CalDav server which is accessible from outside using NAT rules on our ASA 5506 firewall.

However, this CalDav server should be accessible from outside (working) and also from our internal network. The smartphones that have the CalDav client application installed are always configured to point to the public IP of this server, but once the smartphones are connected to the internal network, they no longer have access to the "public" server. So I'm trying to figure out what the best practice would be (with ASDM) to NAT the external IP to an internal IP when accessing this server from the internal network.

 

Thanks in advance for your support,

Florian

 

3 Replies

Francesco Molino
VIP Alumni
Hi

Let's assume the public IP is 1.1.1.1 and the private IP of the server is 2.2.2.2. Also, let's assume you have 2 interfaces: inside and outside.

object network PUB-SRV
 host 1.1.1.1
object network PRIV-SRV
 host 2.2.2.2
object network LAN-PCS
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static LAN-PCS LAN-PCS destination static PUB-SRV PRIV-SRV no-proxy-arp route-lookup

Try it, replace with the correct IP info, and let me know.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco,

Thanks a lot for your reply.

I've tried your recommendation, but looking at the log, it looks like there's something else I have to resolve. Indeed, something is preventing me from performing the transaction:
2 106001 192.168.1.59 59326 PUB-SRV 38443 Inbound TCP connection denied from 192.168.1.59/59326 to PUB-SRV/38443 flags SYN on interface localNetwork.

I'll keep you posted.
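
An added example, not part of the original thread: Python that parses ASA syslog 106001 entries in the column layout quoted in the post above and picks out denials where a LAN client tried to reach the server's public object on the internal interface, which is the hairpin case this thread is about. The function names, the 192.168.1.0/24 LAN range and the second and third sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Description text of ASA syslog 106001, as quoted in the thread.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[^/\s]+)/(?P<dport>\d+) flags (?P<flags>.+?) "
    r"on interface (?P<ifc>\S+?)\.?(?:\s|$)"
)

def parse_106001(line):
    """Return the fields of a 106001 denial, or None for any other line."""
    if "106001" not in line:
        return None
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def hairpin_denials(lines, lan, lan_ifc, public_names):
    """Denials where a LAN client hit the server's public address from inside."""
    net = ipaddress.ip_network(lan)
    hits = []
    for line in lines:
        rec = parse_106001(line)
        # The log shows the object name (PUB-SRV) in place of the IP, so
        # public_names should hold both the name and the address.
        if (rec and rec["ifc"] == lan_ifc and rec["dst"] in public_names
                and ipaddress.ip_address(rec["src"]) in net):
            hits.append(rec)
    return hits

# Constructed sample: line 1 is the entry from the thread; 2 and 3 are made up.
SAMPLE = [
    "2 106001 192.168.1.59 59326 PUB-SRV 38443 Inbound TCP connection denied "
    "from 192.168.1.59/59326 to PUB-SRV/38443 flags SYN on interface localNetwork.",
    "2 106001 203.0.113.7 40112 PUB-SRV 38443 Inbound TCP connection denied "
    "from 203.0.113.7/40112 to PUB-SRV/38443 flags SYN on interface outside.",
    "6 302013 192.168.1.59 59400 198.51.100.9 443 Built outbound TCP connection",
]

if __name__ == "__main__":
    names = {"PUB-SRV", "1.1.1.1"}
    for r in hairpin_denials(SAMPLE, "192.168.1.0/24", "localNetwork", names):
        print(f"hairpin candidate: {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']}")
```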

Hello,

 

Something like the below should work as well (IP addressing is arbitrary, obviously):

 

same-security-traffic permit intra-interface
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
!
object network WEBSERVER_PUBLIC
 host 100.100.100.1
!
object network WEBSERVER_LOCAL
 host 192.168.1.100
!
object service HTTP
 service tcp destination eq www
!
object-group network LOCAL_HOSTS
 network-object 192.168.1.0 255.255.255.0
!
nat (inside,inside) source dynamic LOCAL_HOSTS interface destination static WEBSERVER_PUBLIC WEBSERVER_LOCAL service HTTP HTTP