maxis2cute
Cisco ASA route traffic outside then back in (hairpin)
I have to route traffic to an outside IP address which is part of my public IP range, then have that traffic come back into my network with a static NAT which is already set up.
i.e. inside---192.168.1.3---outside 100.100.100.1----natted to inside-----192.168.1.5
Is the server hostname resolved externally?
ASKER
I believe so
Okay, so you removed the "static" statement for the server and then added it back with the "dns" keyword at the end?
no static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255
static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 dns
ASKER
I had that in already. I have just tried the inside, inside nat and global inside 1 interface; now I have to see if it works.
Well, with the "dns" option on the static, it will only work if you use the hostname (not the IP address). If you ping the hostname from the inside, it should resolve to the inside IP address (not the external).
ASKER
I guess I could reopen pings
You don't need to open ping. I am more interested in the DNS response. The ping of the hostname will generate a DNS query. If the rewrite is working properly, the hostname should resolve to the internal IP address (instead of the public IP).
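The check described in the reply above, as an added example that is not part of the original thread: resolve the server's hostname from an inside client and see which address comes back. The addresses are the ones from the question; the hostname `www.example.test` and the function names are placeholders assumed for illustration.

```python
import socket

INSIDE_IP = "192.168.1.5"    # real (inside) address of the server, from the question
PUBLIC_IP = "100.100.100.1"  # public address used in the static NAT, from the question


def system_resolver(hostname):
    """Return the IPv4 addresses the OS resolver gives for hostname.

    This path also honours local hosts-file entries, so a local override
    can make the answer look rewritten even when the ASA is not touching
    the DNS reply.
    """
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_dns_rewrite(hostname, inside_ip=INSIDE_IP, public_ip=PUBLIC_IP,
                      resolver=system_resolver):
    """Classify what an inside client receives for hostname.

    Returns (status, answers, detail); status is one of
    'rewritten', 'not-rewritten', 'unexpected', 'unresolved'.
    """
    try:
        answers = list(resolver(hostname))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "unresolved", [], str(exc)
    if not answers:
        return "unresolved", [], "no A records returned"
    if public_ip in answers:
        # The client still sees the outside address, so the "dns" rewrite
        # is not taking effect for this name.
        return "not-rewritten", answers, "public address returned to inside client"
    if all(a == inside_ip for a in answers):
        return "rewritten", answers, "inside address returned to inside client"
    return "unexpected", answers, "answer matches neither configured address"


if __name__ == "__main__":
    # Constructed resolvers standing in for the two outcomes discussed in the thread.
    samples = (("rewrite working", lambda h: ["192.168.1.5"]),
               ("rewrite not working", lambda h: ["100.100.100.1"]))
    for label, fake in samples:
        print(label, check_dns_rewrite("www.example.test", resolver=fake))
```

Run it from a workstation on the inside with the real hostname and the default resolver; a `not-rewritten` result matches the nslookup symptom reported later in the thread.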
ASKER
It's actually https://www..........
Yeah, that's okay. Have you tried a ping to the hostname from a command prompt on the inside?
ASKER
I must be an idiot, the external host name is blabla/bla; I don't know how to put in the / to ping.
The internal host name is different.
ASKER
If I do an nslookup it gives me the external IP address, and a ping to just the main domain name gives me the external IP address as well.
ASKER
Forget it, I just made an lmhost file instead.
Well, that is an option :) Typically not the best if you are talking about a good number of workstations though...
ASKER
That's what login scripts are for. Thanks, your help is dead on. I have never got this to work. EVER