Rajat Sharma
Cisco Employee

In some cases a customer needs to access a server from a host sitting behind the same interface, using the server's public IP address. DNS inspection is usually used for this; however, DNS inspection is not an option when the DNS requests do not pass through the ASA.

Topology


------10.1.1.0/24(internal network)----------inside---ASA----20.1.1.0/24----outside

 

 

The following static statement maps the server's public IP address to its private IP address:

static (inside,outside) 20.1.1.10 10.1.1.10

The following nat and global statements let the inside hosts access the Internet:

nat (inside) 1 0 0

global (outside) 1 interface

Adding the following configuration on the ASA achieves the result:


global (inside) 1 interface

static (inside,inside) 20.1.1.10 10.1.1.10

Similar configuration would be required in 8.2+.
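
An added packet-walk model (not part of the original document, and not ASA code) showing why both added statements are needed: static (inside,inside) rewrites the destination, and global (inside) rewrites the source so the server's reply returns through the ASA. The client and ASA interface addresses are constructed, PAT ports are not modeled, and the model assumes the ASA is allowed to send traffic back out the interface it arrived on (`same-security-traffic permit intra-interface`).

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

SERVER_REAL = "10.1.1.10"    # from the page
SERVER_MAPPED = "20.1.1.10"  # from the page
CLIENT = "10.1.1.50"         # constructed inside host
ASA_INSIDE = "10.1.1.1"      # constructed ASA inside interface address

def asa_forward(pkt, static_inside_inside=True, global_inside=True):
    """Translate a request that enters and leaves the ASA on 'inside'."""
    src, dst = pkt
    if static_inside_inside and dst == SERVER_MAPPED:
        dst = SERVER_REAL    # static (inside,inside) 20.1.1.10 10.1.1.10
    if global_inside:
        src = ASA_INSIDE     # nat (inside) 1 0 0 + global (inside) 1 interface
    return Packet(src, dst)

def asa_return(reply, request):
    """Reverse both translations for a reply that comes back through the ASA."""
    if reply != Packet(SERVER_REAL, ASA_INSIDE):
        raise ValueError("reply does not match the translated connection")
    return Packet(SERVER_MAPPED, request.src)

def walk(static_inside_inside=True, global_inside=True):
    """Follow one request/reply pair and report how the flow ends."""
    request = Packet(CLIENT, SERVER_MAPPED)
    at_server = asa_forward(request, static_inside_inside, global_inside)
    if at_server.dst != SERVER_REAL:
        return "undelivered"   # destination was never mapped to the real server
    reply = Packet(src=at_server.dst, dst=at_server.src)
    if reply.dst != ASA_INSIDE:
        # Server and client share 10.1.1.0/24, so the reply goes straight to
        # the client from 10.1.1.10, while the client was talking to 20.1.1.10.
        return "asymmetric"
    seen_by_client = asa_return(reply, request)
    return "ok" if seen_by_client == Packet(request.dst, request.src) else "mismatch"

if __name__ == "__main__":
    for flags in [(True, True), (True, False), (False, True)]:
        print(flags, walk(*flags))
```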

Comments
wilson.yu
Level 1

Very good.
