Wibble_ asked:
ASA Access list. Allow traffic back in to our network?
We have two sites connected by VPN. Main 192.168.0.0/24 and Branch office (BO) 192.168.1.0/24
There is a single DNS domain for both sites (MS AD integrated), and a BIND server running our public DNS.
We have a webmail server at the main site, 192.168.0.4, that is accessible via port forwarding from the outside interface public IP, let's say 1.2.3.4.
Externally everything works fine. Yay!
Internally, if I set the DNS entry for webmail.company.com on the internal DNS to 192.168.0.4 then the Branch office can't access webmail when the VPN is down (a business continuity requirement).
If I set it to 1.2.3.4 then I can't access webmail from the Main site. (obviously it's fine from the Branch office).
What rules do I need to put in place to allow the 192.168.0.0/24 subnet to access webmail?
Can this be done with a static route and a secondary IP on the webmail server, or should I be looking to allow traffic out and then back in through NAT?
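The "out and back in through NAT" option the question ends on is what Cisco calls hairpinning (U-turn NAT), and it is the configuration that lets 192.168.0.0/24 hosts use the same public A record as the branch office. The following ASA configuration is an added illustration written for this page; it is not from the original question or from any of the answers, and it assumes ASA 8.3+ NAT syntax, interface names `inside` and `outside`, webmail published on tcp/443, and the addresses given in the question (server 192.168.0.4, outside interface 1.2.3.4). Two points worth knowing before reaching for alternatives: DNS rewrite (the `dns` keyword on a NAT rule) is not an option here because the ASA does not apply DNS rewrite to PAT rules, and a static PAT on the interface IP is a PAT rule; and the secondary-IP/static-route idea does nothing for the branch office when the tunnel is down, since the branch still has to reach 1.2.3.4 over the Internet.

```cisco
! Added example (not from the page). Assumes ASA 8.3+, interfaces "inside" and
! "outside", outside interface IP 1.2.3.4, webmail at 192.168.0.4 on tcp/443.

! 1. Allow a flow to enter and leave the same interface (required for hairpinning).
same-security-traffic permit intra-interface

! 2. Objects for the real server, the main-site LAN, the public address that
!    webmail.company.com resolves to, and the published service.
object network WEBMAIL
 host 192.168.0.4
 ! Existing port-forward from the Internet: 1.2.3.4:443 -> 192.168.0.4:443
 nat (inside,outside) static interface service tcp 443 443
object network MAIN-LAN
 subnet 192.168.0.0 255.255.255.0
object network WEBMAIL-PUBLIC
 host 1.2.3.4
object service HTTPS
 service tcp destination eq 443

! 3. Hairpin rule. A main-site host connecting to 1.2.3.4:443 has its destination
!    rewritten to 192.168.0.4:443 and its source rewritten to the inside interface
!    IP. The source rewrite matters: without it the server would reply directly to
!    the client on the same LAN, the client would see a reply from 192.168.0.4
!    for a connection it opened to 1.2.3.4, and the session would never complete.
!    Twice-NAT rules like this one (section 1) are evaluated before the object NAT
!    above (section 2), so inside-sourced traffic hits this rule first.
nat (inside,inside) source dynamic MAIN-LAN interface destination static WEBMAIL-PUBLIC WEBMAIL service HTTPS HTTPS

! 4. If an access list is applied inbound on "inside", permit the flow. On 8.3+
!    access rules are matched against the REAL (untranslated) destination, so the
!    entry names 192.168.0.4, not 1.2.3.4.
access-list INSIDE-IN extended permit tcp object MAIN-LAN object WEBMAIL eq 443
access-group INSIDE-IN in interface inside
```

Verify the translation path before trusting it, with a main-site client address of your choosing: `packet-tracer input inside tcp 192.168.0.10 12345 1.2.3.4 443` should show the `same-security-traffic` check, the `(inside,inside)` NAT rule, and an `ALLOW` result. With this in place the internal DNS record can point at 1.2.3.4 for both sites, which satisfies the branch-office continuity requirement, at the cost of main-site webmail traffic being proxied through the ASA's inside interface address, so the webmail server's logs will show the firewall's inside IP rather than individual main-site clients.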