Allow two IP's see each other?


I have a Cisco ASA 5510 configured; I have added a web server inside the network and is accessible from outside.
I want to allow all internal users to see the website using the domain instead of the internal ip address.

Can this be done via the ASA? Both the users and webserver are using the same public IP address.

Thanks, Joe
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This can be done with config called hairpinning but it's not recommended.  What's the reason you don't want them accessing the webserver though internal DNS?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
u just need to use dns and allow dns port to communicate in the asa. ASA does not have much part in it. You also need to allow www traffic from users to the webserver.

How come users and webserver have the same public ip???
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

Heres what you can try. Make sure your dns points to your public IP and try this

static (inside,inside) Public_IP Private_IP netmask
joe90kaneAuthor Commented:
Thanks for the comments the hairpinning setup is working great - Is there any security concerns related to the setup?
I can't think of any explicit security issues but you should be aware of the additional www traffic that will be passing through your ASA, whereas if you used internal DNS to resolve it would never hit the ASA.
Markus BraunCEOCommented:
technically there is no point to go through the ASA to view an internal web site
just configure your DNS server to resolve the IP internally
that would be the correct way to do it
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.