• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

ASA 5505 hairpinning

Hi,

I previously had the following network arrangement (IP addresses changed to RFC 1918 for privacy purposes).

An outside network of 192.168.1.0/24 (This is actually public-space in the actual rea-life scenario)
An inside network of  10.0.0.0/24 (This is RFC 1918 space in the real life-scenario)
An Asa 5505 sitting between the two.


A monitoring device with ip 192.168.1.10 monitoring an inside device with IP 10.0.0.10 with SNMP via a static one to one NAT and appropriate ACLs on the ASA.


The configuration has recently changed in that there is now a site to site VPN from the ASA to a remote site (supplied via a DSL line) with an IP range of 10.0.1.0/24. The site to site VPN matches 10.0.0.0/24 to 10.0.1.0/24 and vice versa.
The device with the original IP of 10.0.0.10 has moved to the remote site and now has a IP of 10.0.1.10.
This device is reachable from the 10.0.0.0/24 network directly over the VPN.

What i need to get working is the monitoring. Monitoring traffic will still be sourced at 192.168.1.10 but cannot be allowed to access the target device (10.0.1.0) via the DSL's WAN connection and as  a result the traffic needs to go over the exisitng site to site.
A static one to one NAT is still requried as the 192.168.1.10 machine is actually public IP in real life.
IS this possible?

Cheers,
Phil.
0
PhilMacavity
Asked:
PhilMacavity
1 Solution
 
Nothing_ChangedCommented:
Yes, this should work on your ASA by adding this command:

same-security-traffic permit intra-interface
0
 
PhilMacavityAuthor Commented:
Additional NAT commands were requried n order to get the correct functionality.
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now