U-Turn NAT on Cisco ASA 5506-X issue

Lukasz P
Level 1

Hello everyone,

I got stuck trying to create a u-turn NAT rule for one server and I was hoping someone could guide me in the right direction.

I have a web server in VLAN230 which is accessible via port 443 on 2_outside interface:

nat (3.230_inside,2_outside) source srv_web interface service service_https_server service_https_server

The server gets outside like this:

nat (3.230_inside,2_outside) source dynamic obj_any3.230 interface

Along with appropriate access lists this allows the server to receive outside connections on port 443, as well as get out for updates etc.

This works fine. I also have clients in VLAN10 (workstations) and VLAN20 (IT) which need to access this server using the 2_outside address. I have tried suggestions from this past post but did not get anywhere: ASA and hairpinnig U-turn external NAT rule for DMS host

For example I tried this:

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

nat (3.10_inside,3.230_inside) source static any any destination static obj_any3.230 obj_any3.230

My ASA is connected to a Cisco 48p switch using a trunk. All subinterfaces have security 0 although the physical interface 3_outside is 100.

My device is ASA 5506-X running version 9.8.
