Solved

cisco asa 5510 static nat hairpining

Posted on 2013-05-21
3
502 Views
Last Modified: 2013-05-21
i have an ASA that on the inside has the local lan 192.168.208.0/24. In that lan i have both PC's and a server 192.168.208.6 which is assigned static nat/pat to a certain outside IP. the thing is that i can see the server from outside, and from basic hairpining i can even see it from itself by going to http://189.210.x.x/ but i cannot seem to make it work on the other LAN PC's which is quite weird. Can you help me sort it out ?

name 189.210.x.x SERVER_OUTSIDE
name 192.168.208.6 SERVER_INSIDE
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255
static (Inside,Inside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit tcp any host SERVER_OUTSIDE eq www

Open in new window

0
Comment
Question by:cristiansava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:cristiansava
ID: 39183593
btw i am using an older IOS : 8.2 (5)
0
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 39183666
Hi,

I think you need to add the following line for it to work:

global (inside) 1 interface

It will enable PAT for returning traffic.

There is another solution to this as well. Basically add the word "dns" to the NAT-command and it will use "DNS Doctoring" which will change DNS requests regarding your public IP and respond with the internal IP, a DNS-NAT one could say.
This requires that you are using an external DNS though so the DNS-requests are going through the firewall.

Command:
static (inside,outside) SERVER_OUTSIDE SERVER_INSIDE netmask 255.255.255.255 dns





Marcus
0
 

Author Comment

by:cristiansava
ID: 39183676
i will try the global inside statement. the dns doctoring i already tried out with no effect.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question