Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
675
Views
0
Helpful
2
Comments

I have a question about ASA NAT!

shenshu7895123
Level 1
Level 1

‎03-03-2014 12:53 AM - edited ‎03-08-2019 06:54 PM

My inside network have a web server that need static mapped to public network.
How to solve the internal users access server problem after using a mapping address?

The topology:


user2==========internet=======OUTSIDE-ASA--DMZ----web server

int g0
nameif outside
ip add 100.1.1.1 255.255.255.252
no shu
int g1
nameif inside
ip add 192.168.1.254 255.255.255.0
no shu
int g2
nameif DMZ
security-level 50
ip add 172.16.1.254 255.255.255.0
no shu

route outside 0 0 100.1.1.2


object network inside-to-outside
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) dynamic interface

object network DMZ-static-80
host 192.168.1.10
nat (dmz,outside) static 100.1.1.1 service tcp 80 80


Now,user2 can access the ASA dmz zone web servers port 80.
but,the inside user can not access web-server.because the destination address is 100.1.1.1 that is ASA outside port. so the packet is drops.
How to solve this question?
The existing environment, are not allowed to add DNS server in the inside!

Labels:
0 Helpful
Comments
chetansharma2
Level 1
Level 1
‎03-03-2014 01:09 AM

Ask user to try this IP for 192.168.1.10 for local

shenshu7895123
Level 1
Level 1
‎03-03-2014 01:15 AM

The user wants to direct access to the Outside domain name to a web server communication

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents