Cisco ASA strange NAT scenario


  • Cisco ASA strange NAT scenario

    OK, first off, I know the following is not a best practice, but my curiosity dictates that I figure out how it was/is done:

    The setup is
    inside network 192.168.1.0/24
    outside 1.1.1.x/24


    Let's say I have a web server on the inside of my network, but I want to actually assign the public IP to it, and still have it on the inside of the firewall.
    Let's say the address is 1.1.1.5.
    I am assuming the command would be static (inside,outside) 1.1.1.5 1.1.1.5
    However, I have labbed this scenario and it does not work.
    I have seen this done once, but do not remember how it was done, and do not have a copy of the ASA config to reference, but it was on a 5520, I believe, running 7.2ish (it did work after I upgraded it to

    I have also tried static (outside,inside), as well as both. I am sure it is not an ACL issue, as for testing I used permit any any.

  • #2
    Re: Cisco ASA strange NAT scenario

    Here is an example.

    Code:
    ciscoasa(config)# access-list OUTSIDE extended permit tcp any host 1.1.1.5 eq 80
    ciscoasa(config)# access-group OUTSIDE in interface outside
    
    ciscoasa(config)# static (inside,outside) 1.1.1.5 192.168.1.10 netmask 255.255.255.255
    CCNA, Network+


    • #3
      Re: Cisco ASA strange NAT scenario

      If I read that right, that would mean that the internal server has the 192.168.1.10. I want to actually be able to assign the 1.1.1.5 address to a server INSIDE my network even though it's on the outside. I have seen this done ONCE, but I did not remember how. I do not have a copy of the config to reference, but there was a server inside the network with an external address and it did work. I would be skeptical if I hadn't seen it work, because I know it's at best a bad practice. I am pretty sure there was no secondary addressing either.



      • #4
        Re: Cisco ASA strange NAT scenario
        OK, I figured it out, sort of. To get it to work, I added a route to the host on the inside and used the ASA's internal IP as the next hop router, and a static on the internal machine with the external address.
        Last edited by rpcblast; 28th March 2010, 23:07.
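One reading of the fix described in post #4, written out as an added example (not a config posted by anyone in the thread). It assumes 7.2-style `static` syntax and that the ASA's inside interface is 192.168.1.1, which the thread does not state; the test source address is constructed.

```cisco
! Added example, not from the thread. Assumption: ASA inside
! interface address is 192.168.1.1 (hypothetical).

! --- configuration mode ---

! Host route that overrides the connected outside 1.1.1.x/24 network for
! this one address. With the ASA's own inside address as the gateway,
! the ASA ARPs for 1.1.1.5 itself on the inside segment instead of
! ARPing for a next-hop router.
route inside 1.1.1.5 255.255.255.255 192.168.1.1

! Identity static: the server keeps 1.1.1.5 on both sides of the
! firewall, and the ASA answers ARP for 1.1.1.5 on the outside segment.
static (inside,outside) 1.1.1.5 1.1.1.5 netmask 255.255.255.255

! Publish only the web port, as in post #2, rather than the
! "permit any any" used for lab testing.
access-list OUTSIDE extended permit tcp any host 1.1.1.5 eq 80
access-group OUTSIDE in interface outside

! --- privileged EXEC mode: checks ---

! The /32 should point at the inside interface.
show route | include 1.1.1.5

! After traffic flows, the server's MAC should be learned on inside.
show arp | include 1.1.1.5

! The identity translation should be listed.
show xlate

! Simulate an inbound web request; 203.0.113.10 is a constructed
! source address. Each phase (route lookup, ACL, NAT) should allow it.
packet-tracer input outside tcp 203.0.113.10 1025 1.1.1.5 80
```

The server also has to treat 192.168.1.1 as directly reachable (on-link) for its default gateway, because that address lies outside its own 1.1.1.x subnet.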
