Cisco ASA Hairpinning with Dynamic IP

Posted by Joseph Sturtevant on Server Fault See other posts from Server Fault or by Joseph Sturtevant
Published on 2009-06-03T04:18:57Z Indexed on 2010/04/22 21:13 UTC
Read the original article Hit count: 755

Filed under:

cisco

|

asa

|

hairpinning

|

dynamic-ip

I currently have my Cisco ASA 5505 firewall configured to forward port 80 from the outside interface to a host on my dmz interface. I also need to allow clients on my inside interface to access the host in the dmz by entering the public ip / dns record in their browsers. I was able to do that by following the instructions here, resulting in the following configuration:

static (dmz,outside) tcp interface www 192.168.1.5 www netmask 255.255.255.255 
static (dmz,inside) tcp 74.125.45.100 www 192.168.1.5 www netmask 255.255.255.255

(Where 74.125.45.100 is my public IP and 192.168.1.5 is the IP of the dmz host)

This works great except for the fact that my network has a dynamic public IP and this configuration will therefore break as soon as my public IP changes. Is there a way to do what I want with a dynamic ip?

Note: Adding an internal DNS record won't solve my problem since I have multiple dmz hosts mapped to different ports on the public IP.

© Server Fault or respective owner

Related posts about cisco

Cisco Unifed Communication integration for Microsoft Lync crashes on Remote Desktop services 2008 R2!

as seen on Server Fault - Search for 'Server Fault'
Hi everybody i have deployed office communication server 2007 R2 and communicator 2007 R2 and i made integration with Cisco Unified Communication Manager 7.1 in my network, i also uses Remote Desktop Servers 2008 R2 for Thin Client Computers, now that i installed Cisco UC integration client for communicator… >>> More
Cisco Unified Communication integration for Microsoft Lync crashes on Remote Desktop services 2008 R2!

as seen on Server Fault - Search for 'Server Fault'
Hi everybody i have deployed office communication server 2007 R2 and communicator 2007 R2 and i made integration with Cisco Unified Communication Manager 7.1 in my network, i also use Remote Desktop Servers 2008 R2 for Thin Client Computers, now that i installed Cisco UC integration client for communicator… >>> More
Cisco Prime NCS not starting

as seen on Server Fault - Search for 'Server Fault'
I have received the Cisco Prime OVA file and which we placed onto an Oracle virtual environment. We turn the VM on and the CLI boots, When we try to start the NCS service we get errors. HOSTNAME/USER# ncs start Starting Network Control System... Exception in thread "main" java.lang.NullPointerException … >>> More
how to set port forwarding on a cisco 881 router (with cisco configuration professional)

as seen on Super User - Search for 'Super User'
I recently got a cisco 881 router for work and I have everything working except port forwarding I want to forward all incoming port 80 requests to 10.10.10.60 and all incoming port 53322 requests to 10.10.10.40 im using cisco configuration professional and im not sure where to find this option thanks… >>> More
Cisco: Site-to-site VPN with cisco 878 and ASA weirdness

as seen on Server Fault - Search for 'Server Fault'
I currently have 2 sites, both connected to each other through 2 firewalls / routers in a site-to-site VPN. Pinging from server to server (Using 2mb/2mb SDSL) through that VPN obviously works, however, at one site, we have another internet connection (7m/400k ADSL), and only the link between the two… >>> More

Related posts about asa

Cisco ASA bonding/teaming/port-channel capabilities

as seen on Server Fault - Search for 'Server Fault'
Hello, This seemed to me like a really simple question that I would be able to answer by myself but I have not been able to find any info on this subject. I have a Cisco ASA 5510 which has 4 FastEthernet interfaces. I was wondering if it would be possible to use 2 or 3 of these interfaces as a port-channel… >>> More
QoS basics on a Cisco ASA

as seen on Server Fault - Search for 'Server Fault'
Could someone briefly explain how to use QoS on Cisco ASA 5505? I have the basics of policing down, but what about shaping and priorities? Basically what I'm trying to do is carve out some bandwidth for my VPN subnets (in an object-group called priority-traffic). I've seen this Cisco QoS document… >>> More
Cisco ASA: Routing packets based on where the connections started from

as seen on Server Fault - Search for 'Server Fault'
We have a Cisco ASA 5505 (version 8.2(2)) with three interfaces: outside: IP address 11.11.11.11, this is the default route inside: IP address 10.1.1.1, this is the local subnet newlink: 22.22.22.22, this is a new internet connection. We need to move VPN users from the 11.11.11.11 address to the… >>> More
Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

as seen on Server Fault - Search for 'Server Fault'
I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test [email protected]'s password: Type help or '?' for a list of available… >>> More
Cisco ASA intermittently fails to see traffic

as seen on Server Fault - Search for 'Server Fault'
users | Mikrotik -- Internet | ASA | ServerA and ServerB I'm trying to troubleshoot a problem with a new Cisco ASA 5505. The network design is as above - the Microtik is the existing router, ServerA and ServerB used to plug directly into it. ServerA has IP 10.30.1.10, ServerB has IP 10.30… >>> More