NAT and ASA5510

I'm setting up an ASA5510 with 1 public IP address on the outside interface. I've currently got all the internal hosts NATing out and I have several ports on the outside interface forwarding to specific hosts on the internal network. All this is working. What I'm now trying to do is allow an internal host to use one of the external IP addresses. Currently, it is not able to do so and I can't figure out why.

Here's my current setup:

External Interface: Assigned 200.10.10.1

Internal Interface: Assigned 10.1.0.1

Web server: Assigned 10.1.0.5

I have a NAT pool consisting of the external interface IP (for use as PAT). I have a static PAT rule translating port 80 on 200.10.10.1 to port 80 on 10.1.0.5.

From a machine on the external interface, I can browse the web server.

From the web server on the inside, I can get to anything on the external side.

When I try to go to http://200.10.10.1 from the web server on the internal network, the web page times out and the log on the ASA says that access was denied.

Is what I'm trying to do possible? If so, what am I missing?

StefanoN

No.

The ASA only allows packets to go into the ASA and back out the same logical interface in the case where at least one VPN tunnel is involved.

If you need to be able to access the device by external IP *address* from inside, you will need to put it into a DMZ, or add more hardware.

There are various solutions (some easy) if you can instead use host *name* instead of host *IP address*.

Walter Roberson
