Unified port forwarding for public and private IP Addresses
We had a server on a public address and we moved it to a private IP address. The server is accessible from the world through port forwarding (over a particular public IP Address acting as a proxy/gateway) for a particular service (http, https).
The problem is that internal hosts with private IP Addresses cannot access the server through the proxy public IP Address.
This behavior could be considered expected, since Port Forwarding is aimed to serve external requests (from clients with public IP addresses).
However, this causes a problem: internal clients with private IP Addresses need to access the server through the server private IP address whereas external clients with public IP Address access the server through the proxy public IP Address.
This causes confusion to users (because sometimes they work from internal workstations and sometimes from public networks), so we need a unified access way through a single IP Address.
Our LANs are terminated on a Cisco ASA which acts as a router between them and routes traffic from/to the organization border router.
The question: is there a way to configure ASA port-forwarding so as to accept requests from private IP Addresses (on multiple interfaces/LANs/subnets) to the proxy/gateway public IP Address (on ports 80, 443) and pass-them through to the server private IP Address rather than dropping them?
If there is no way to achieve the above, I don't see any other way to find a solution than to assign a public IP Address to the server (as it was in the first place).
(Another solution would be to use a split-DNS architecture, so that internal clients use the same domain name with a different IP Address. However, this is not a feasible solution in our environment, at least in the foreseeable future.)
Jagadeesh Tammera, a Content Engineer for Cisco specializing in Security/VPN domain, explains how hair-pinning works on Cisco ASA and some of its real-time implementations. For more information on this topic please visit: ...