My inside network have a web server that need static mapped to public network. How to solve the internal users access server problem after using a mapping address? The topology: user2==========internet=======OUTSIDE-ASA--DMZ----web server int g0 nameif outside ip add 100.1.1.1 255.255.255.252 no shu int g1 nameif inside ip add 192.168.1.254 255.255.255.0 no shu int g2 nameif DMZ security-level 50 ip add 172.16.1.254 255.255.255.0 no shu route outside 0 0 100.1.1.2 object network inside-to-outside subnet 192.168.1.0 255.255.255.0 nat (inside,outside) dynamic interface object network DMZ-static-80 host 192.168.1.10 nat (dmz,outside) static 100.1.1.1 service tcp 80 80 Now,user2 can access the ASA dmz zone web servers port 80. but,the inside user can not access web-server.because the destination address is 100.1.1.1 that is ASA outside port. so the packet is drops. How to solve this question? The existing environment, are not allowed to add DNS server in the inside! ... View more