Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
15
Helpful
5
Replies

ASA 5505 use public IP from inside

Go to solution
jsd
Level 1
Level 1

‎06-25-2007 11:49 AM - edited ‎03-05-2019 04:57 PM

I have some services at our corporate network that are published using our public IP. All services works fine from outside our net but I need them to be available from the inside too. I need some directions on how to solve such a problem.

For example: http-traffic to our public IP from the inside must make a u-turn back into my ASA.

Thank you for any clues!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to jsd

‎06-25-2007 01:01 PM

You would have to configure static NAT (inside,inside) for every host/service that you want the ASA redirect the traffic back to the inside interface when the client tries to get to the outside address of the server.

HTH

Sundar

View solution in original post

0 Helpful
5 Replies 5

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to pstebner1

‎06-25-2007 12:14 PM

Jonas,

Paul has provided you the correct link to address your situation. As explained in the link you have two options.

1. DNS doctoring

2. NAT Hairpinning

Either one should work. Choose the solution that's appropriate for your environment.

HTH

Sundar

Go to solution
jsd
Level 1
Level 1
In response to sundar.palaniappan

‎06-25-2007 12:36 PM

Thank you guys. Found that link just before I read your posts (should have done some searching first, lazy me...).

As I understand it, I must create statics for each and every service that I want to access from the inside (given the usage of our public IP). Isn't there a way to just say: "All traffic to [outside-ip] from [inside-subnet] shall be hairpinned to [outside-ip]"? Then I can leave all my port forwards as is.

Am I making sense?

0 Helpful

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to jsd

‎06-25-2007 01:01 PM

You would have to configure static NAT (inside,inside) for every host/service that you want the ASA redirect the traffic back to the inside interface when the client tries to get to the outside address of the server.

HTH

Sundar

0 Helpful

Go to solution
jsd
Level 1
Level 1
In response to sundar.palaniappan

‎06-25-2007 01:19 PM

OK, thank you Sundar! That answer my questions.

Interesting that this never was a problem with my previous firewalls from Symantec. I guess it means that those boxes always created an equivalent to static(inside, inside) every time you made a "port forward" behind the scenes.

Again, thanks for fast and helpful answers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card