My inside network has a web server that needs to be statically mapped to the public network.
How do I solve the problem of internal users accessing the server after using a mapping address?
The topology:
user2==========internet=======OUTSIDE-ASA--DMZ----web server
int g0
 nameif outside
 ip add 100.1.1.1 255.255.255.252
 no shu
int g1
 nameif inside
 ip add 192.168.1.254 255.255.255.0
 no shu
int g2
 nameif DMZ
 security-level 50
 ip add 172.16.1.254 255.255.255.0
 no shu
route outside 0 0 100.1.1.2
object network inside-to-outside
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network DMZ-static-80
 host 192.168.1.10
 nat (dmz,outside) static 100.1.1.1 service tcp 80 80
Now, user2 can access the ASA DMZ zone web server's port 80.
But the inside user cannot access the web server, because the destination address is 100.1.1.1, which is the ASA outside port, so the packet is dropped.
How do I solve this?
In the existing environment, adding a DNS server on the inside is not allowed!