
Source and Destination is same through ASA Firewall

Posted on 2014-02-17
Last Modified: 2014-03-07
Hi,

My server is on the inside network.
My laptop is on the inside network.

My server's public IP is registered outside (Internet DNS), and there is no internal DNS.

When I try the URL, which is registered in public DNS, the request goes via the ASA firewall and hits the DNS server; the DNS server redirects to the firewall, and the firewall does the reverse NAT and changes public to private, but my laptop is not able to access the server over the URL.

I have studied that the firewall will not send to a destination that has passed over the same interface.

What would be the solution? Can it be done over DNS doctoring?

Regards
Ram
0
Question by:RAMU CH
4 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39864614
You can try adding an entry to the hosts file to do resolution with the internal IP.
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39864702
We cannot do 1000 PCs, hence it should happen over the firewall.

Is there any configuration in the ASA firewall?
0
 
LVL 6

Accepted Solution

by:
Jordan Medlen earned 1500 total points
ID: 39864778
Try adding a static route for the IP address of the URL you are trying to hit, and point it to your gateway IP address of the firewall.

Example:

route outside <ip_of_url> 255.255.255.255 <firewall_ext_gw_ip> 1

This is a dirty trick to accomplish connectivity. Your firewall will now direct that traffic to its gateway, and the gateway device will send it right back around to the outside interface and, provided ACLs are in order, allow that traffic to pass back in.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39912244
Thanks
0
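
For reference, the DNS doctoring the question asks about, and the hairpin NAT alternative for the same-interface problem, could be configured on the ASA as below. This is an added example, not part of the original thread; it assumes ASA 8.3 or later NAT syntax, and the object names and addresses (10.0.0.10 private, 192.0.2.10 public, 10.0.0.0/24 inside network) are constructed placeholders.

```cisco
! Added example, assumes ASA 8.3+ syntax. Names and addresses are placeholders.
!
! Option 1: DNS doctoring (DNS rewrite)
! The "dns" keyword makes the ASA rewrite the A record in DNS replies that
! pass through it, so inside clients receive 10.0.0.10 instead of 192.0.2.10
! and connect to the server directly, never touching the firewall.
object network WEB-SERVER
 host 10.0.0.10
 nat (inside,outside) static 192.0.2.10 dns
!
! DNS rewrite only happens while DNS inspection is enabled.
! It is part of the default global policy; shown here for verification.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! Option 2: hairpin NAT (clients keep using the public IP)
! Allow traffic to enter and leave the same interface.
same-security-traffic permit intra-interface
!
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
object network WEB-SERVER-PUBLIC
 host 192.0.2.10
!
! Translate the destination from public to private, and the source to the
! inside interface address so the server's replies come back through the ASA
! instead of going straight to the client (which would break the session).
nat (inside,inside) source dynamic INSIDE-NET interface destination static WEB-SERVER-PUBLIC WEB-SERVER
```

DNS doctoring only takes effect when the clients' DNS replies actually cross the ASA in clear text. With the hairpin option the server sees every inside client as the firewall's inside address, so per-client source IPs are lost from the server's logs.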
