Solved

cisco asa 5510 static nat hairpining

Posted on 2013-05-21
3
505 Views
Last Modified: 2013-05-21
i have an ASA that on the inside has the local lan 192.168.208.0/24. In that lan i have both PC's and a server 192.168.208.6 which is assigned static nat/pat to a certain outside IP. the thing is that i can see the server from outside, and from basic hairpining i can even see it from itself by going to http://189.210.x.x/ but i cannot seem to make it work on the other LAN PC's which is quite weird. Can you help me sort it out ?

name 189.210.x.x SERVER_OUTSIDE
name 192.168.208.6 SERVER_INSIDE
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255
static (Inside,Inside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit tcp any host SERVER_OUTSIDE eq www

Open in new window

0
Comment
Question by:cristiansava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:cristiansava
ID: 39183593
btw i am using an older IOS : 8.2 (5)
0
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 39183666
Hi,

I think you need to add the following line for it to work:

global (inside) 1 interface

It will enable PAT for returning traffic.

There is another solution to this as well. Basically add the word "dns" to the NAT-command and it will use "DNS Doctoring" which will change DNS requests regarding your public IP and respond with the internal IP, a DNS-NAT one could say.
This requires that you are using an external DNS though so the DNS-requests are going through the firewall.

Command:
static (inside,outside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255 dns





Marcus
0
 

Author Comment

by:cristiansava
ID: 39183676
i will try the global inside statement. the dns doctoring i already tried out with no effect.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question