I apologize for not mentioning that I am using ASDM 6.4 and the ASA is on 8.2(5). How does this translate into the GUI? I pulled my running config, and found the lines that seem to correspond to your response: access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_3 192.168.123.0 255.255.255.128 static (inside,outside) 123.456.789.012 192.168.1.244 netmask 255.255.255.255 So I am pretty sure the global config items are OK, since I have one of these that is working. What do I need to do in the ASDM to complete this configuration? Thanks!
... View more
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did. I appreciate any help. Thanks! I have asked this question other places before, and I am invariably asked why I would want to allow such a pointless thing. Here's some of the reason: Our firm uses handheld devices with proprietary software that can only be configured with one address- and most of the time, it must be in use over a cell connection, over the WAN. There are specific cases where we need to troubleshoot, or optimize sync times under time-sensitive conditions without having to bring additional IT staff in from home. This would put the configuration onus on IT rather than on a less-knowledgible employee and allow a more efficient support experience. Again, I appreciate the help.
... View more