Hairpin on asa 9.1 - Guest wifi network access to 1 host only and ONLY for https

Hi

I have a guest wifi whos gateway is on its own dedicated interface on asa "guest wifi"
the gust vlan is isolated and does not have any access at all to internal LAN - only access it has is external http and https

I need to allow it to talk https to an "internal sharepoint server" 192.168.20.1"
at the moment i have a NAT of https of 1 of our  public address to internal sharepoint IP 192.168.20.1 (This is for public outside access to our sharepoint/internal)

This NAT fails of course for our "guest wifi" users as the traffic cant U tun back inside.
I need to come up with a solution hairpin? I thought about TMG sharepoint rule in tmg - it does not appear to work (this maybe as a result of the NAT in place on the asa however)

I really would like full command set on asa to achieve what im after please :) . So when guest wifi users go to https://sharepoint.domain.com  they can get to it - and most important all of their other http and https traffic to "internet" generally will not be effected.
LVL 1
philb19Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Firstly how will the Wi-Fi users resolve the name sharepoint.domain.com?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
philb19Author Commented:
hi glad for resonse -  the DN is done external - my reading has led me to what looks like a nice feature on asa

DNS rewrite - Im hopeful that i can turn this on to resolve (hoping it wont break the NAT for users on net accesing the  internal sharepoint site??

DNS rewrite will then DNS resolve to the NAT internal IP address of sharepoint

I presume i will then require some changes ot access-lists to at least allow https from guest (resticted wifi) to the internal IP address of sharepoint
0
philb19Author Commented:
first sentance above should read:

hi glad for resonse -  the DNS is done external - my reading has led me to what looks like a nice feature on asa
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.