<div>
so I need to add the dns keyword in all static NAT statements?
</div>


<div>
the DNS keyword doesn't solve my problem.
</div>


<div>
Hello there,<br />
<br />
the only way to get this working is to use the dns translation as mentioned above already.<br />
You cannot contact the public IP of your NAT'ed host from the inside, that's not possible, but what _IS_ possible is that you can access it using the DNS domain name which gets translated properly then.<br />
Let's say, f.ex., there is a DNS record for 1.1.1.39 somewhere called &quot;mailserver.yourdomain.com<wbr />&quot;.<br />
<br />
When people from outside your network try to reach &quot;mailserver.yourdomain.com<wbr />&quot;, it will resolve to 1.1.1.39. <br />
When someone from inside your network tries to reach &quot;mailserver.yourdomain.com<wbr />&quot;, it will also resolve to 1.1.1.39.<br />
<br />
By specifying the &quot;dns&quot; keyword for the 1:1 translation in your ASA configuration, the behaviour for inside hosts will change, because the ASA knows that it needs to translate the DNS reply in the answer from your DNS server to the internal IP address of this host, so when you try to resolve the name &quot;mailserver.yourdomain.com<wbr />&quot; from your internal network then, your clients will be able to connect to it because the ASA silently replaces the IP address 1.1.1.39 with 10.1.1.39.<br />
<br />
bye,<br />
Alex
</div>


<div>
The was a way before 8.3, don't know if this works when 'translated' to the new syntax.<br />
But try:<br />
<i>object network obj-10.1.1.39<br />
host 10.1.1.39<br />
nat (inside,inside) static 1.1.1.39 </i><br />
<br />
And see if that might work.
</div>


<div>
erniebeek: Can you please point out the configuration to make this work in a previous version than 8.3.<br />
<br />
Thanks
</div>


<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I am using ASA 5505 8.3<br />
<br />
Setup is as follows:<br />
<br />
2 Vlans. inside and Outside.<br />
<br />
Outside<br />
1.1.1.38 255.255.255.248<br />
route outside 0.0.0.0 0.0.0.0 1.1.1.37 1<br />
<br />
Inside:<br />
10.1.1.1 255.255.255.0<br />
<br />
object network obj_any<br />
&nbsp;nat (inside,outside) dynamic interface<br />
<br />
object network obj_any<br />
&nbsp;subnet 0.0.0.0 0.0.0.0<br />
<br />
object network PC<br />
&nbsp;host 10.1.1.39<br />
<br />
object network PC<br />
&nbsp;nat (inside,outside) static 1.1.1.39<br />
<br />
10.1.1.39 can access the internet using =&gt; 1.1.1.39 fine.<br />
All others can access the internet using 1.1.1.38 fine.<br />
<br />
So when I add a ACL example:<br />
access-list outside_in extended permit tcp any 10.1.1.39 eq smtp<br />
access-group outside_in in interface outside<br />
<br />
Outside smtp traffic is getting in fine (to PC 10.1.1.39). So far everything is functional.<br />
<br />
Now, I have a PC2 (10.1.1.50) trying to access 10.1.1.39 using its public IP (1.1.1.39) which doesn't work. <br />
<br />
It only works using the private IP: 10.1.1.39 and not the 1-to-1 public IP 1.1.1.39<br />
<br />
Can you please assist and getting this to work using public and private IP both. Or this is not possible?<br />
<br />
Thanks
</div>
</div>


Hi,

I am using ASA 5505 8.3

Setup is as follows:

2 Vlans. inside and Outside.

Outside
1.1.1.38 255.255.255.248
route outside 0.0.0.0 0.0.0.0 1.1.1.37 1

Inside:
10.1.1.1 255.255.255.0

object network obj_any
 nat (inside,outside) dynamic interface

object network obj_any
 subnet 0.0.0.0 0.0.0.0

object network PC
 host 10.1.1.39

object network PC
 nat (inside,outside) static 1.1.1.39

10.1.1.39 can access the internet using => 1.1.1.39 fine.
All others can access the internet using 1.1.1.38 fine.

So when I add a ACL example:
access-list outside_in extended permit tcp any 10.1.1.39 eq smtp
access-group outside_in in interface outside

Outside smtp traffic is getting in fine (to PC 10.1.1.39). So far everything is functional.

Now, I have a PC2 (10.1.1.50) trying to access 10.1.1.39 using its public IP (1.1.1.39) which doesn't work. 

It only works using the private IP: 10.1.1.39 and not the 1-to-1 public IP 1.1.1.39

Can you please assist and getting this to work using public and private IP both. Or this is not possible?

Thanks

Cisco ASA 8.3 Configuration

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.