Hello everyone,
I got stuck trying to create a u-turn NAT rule for one server and I was hoping someone could guide me in the right direction.
I have a web server in VLAN230 which is accessible via port 443 on the 2_outside interface:
nat (3.230_inside,2_outside) source static srv_web interface service service_https_server service_https_server
The server gets outside like this:
nat (3.230_inside,2_outside) source dynamic obj_any3.230 interface
Along with appropriate access lists, this allows the server to receive outside connections on port 443, as well as get out for updates etc.
This works fine. I also have clients in VLAN10 (workstations) and VLAN20 (IT) which need to access this server using the 2_outside address. I have tried suggestions from this past post but did not get anywhere: ASA and hairpinnig U-turn external NAT rule for DMS host
For example I tried this:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
nat (3.10_inside,3.230_inside) source static any any destination static obj_any3.230 obj_any3.230
My ASA is connected to a Cisco 48p switch using a trunk. All subinterfaces have security 0 although the physical interface 3_outside is 100.
My device is ASA 5506-X running version 9.8.