Cisco ASA NAT/PAT help


    In our DMZ we have a webserver. On this server we have multiple sites set up. I am using nonstandard ports to be able to have multiple sites without multi-homing the server. On the ASA I have some NAT rules in place that work fine from the outside. Everyone comes in and sees the sites on port 80 or 443 just fine. How we want it.

    Now the issue is that from the internal network, when we go to the site, since we can't get out to the outside interface and come back into the DMZ, I have DNS set up internally to point our site to the DMZ address. In doing this you end up with the port showing in the URL like this: ~com:82/

    What I want is to be able to not have that port showing for both internal and VPN users. I have tried doing another NAT rule that is a copy of the public one but putting in an inside address instead of the public address. This also works fine for users on the inside interface but does NOT work when on VPN.

    My question is: how do I write an ACL or whatever is needed to allow the VPN users to access the new NAT rule that puts the site on an internal address, or what is the better way to do this so that no one inside, VPN or public ever sees that the server is hosted on a non-standard port?

    Hope this makes sense to someone.