Link to home
Start Free TrialLog in
Avatar of Wibble_
Wibble_

asked on

ASA Access list. Allow traffic back in to our network?


We have two sites connected by VPN. Main 192.168.0.0/24 and Branch office (BO) 192.168.1.0/24

There is a single DNS domain for both sites (MS AD integrated), and a BIND server running our public DNS.

We have a webmail server at the main site, 192.168.0.4. that is accessible via port forwarding from the outside interface public IP, lets say 1.2.3.4

Externally everything works fine. Yay!

Internally, if I set the DNS entry for webmail.company.com on the internal DNS to 192.168.0.4 then the Branch office can't access webmail when the VPN is down (a business continuity requirement).

If I set it to 1.2.3.4 then I can't access webmail from the Main site. (obviously it's fine from the Branch office).

What rules do I need to put in place to allow the 192.168.0.0/24 subnet to access webmail?

Can this be done with a static route and a secondary IP on the webmail server, or should I be looking ot allow traffic out and then back in through nat?
ASKER CERTIFIED SOLUTION
Avatar of John Meggers
John Meggers
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial