Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 474
  • Last Modified:

Can I set our ASA5520 to allow a user from within the LAN to connect to an external IP address which is on the WAN interface of our Firewall?

Currently I have a number of clients within our network who have their own VLAN's. We have allocated them Public IP addresses on our firewall which NAT through to their VLAN's. When outside of our network they can connect to these public IP addresses on port 80, 21 etc depending on the services the have running. however when they are inside our network they cannot connect to these public IP addresses at all.

Is it possible to configure this and where do I do it. I am currently running an ASA5520 firewall with ASA version 7.2(1)
0
btec_bob
Asked:
btec_bob
  • 2
2 Solutions
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Short answer: no.

A basic limitation of ASA is that if you have a internal resource which is public available thru nat, you cannot access that internal host from anoter internal host via its public IP.

There are ways around this. One is to use DNS to reach that resource. If the DNS is internal you can configure it to give out the inside/real ip. If the DNS-server is public you can make your internal hosts go thru the firewall to do dns lookup and by using "dns"-parameter for the static-command of the goal resource you can make the ASA replace the ip in the DNS-answer from the public ip to the internal/private.

/Kvistofta
0
 
StefanKampCommented:
Agree on kvistofta's comment; It's called dns-rewrite. A similar setup can be found here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml
0
 
btec_bobAuthor Commented:
Both answers were acurate and the additional submission had more detail on how to configure it.
0
 
StefanKampCommented:
Thanks for the point
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now