Using a nat rule to translate 80/443 traffic to web server, but internal users cannot access it using external ip/domain name

Posted by Josh on Server Fault
Published on 2012-10-29T15:24:48Z Indexed on 2012/10/29 17:04 UTC

I am using Cisco ASDM for ASA

I have my internal network called soa. My outside interface is called outside. Let's say my outside IP, given to me by my ISP, is y.y.y.y. I have a web server inside my network with a static IP of x.x.x.110. I have configured 2 static NAT rules (one for http, the other for https).

Source is x.x.x.110. Interface is outside, service (http or https).

Maybe I am doing this wrong, but when I run the packet tracer, I choose outside interface and for the source IP I used 8.8.8.8 and the destination ip is my outside IP address, y.y.y.y

When I run that, it shows the packet traversing successfully, using 9 steps.

For my other test, I switch to the soa interface, input an ip on that network, and leave the destination the same. This test comes up with 2 steps and then fails on my access list.

When I see the rule that fails, it is my catch-all, which is source: any, destination: any, service: ip, action: deny.

What rule do I need to make to allow my soa network access to go out and come back in by my external IP address (using a domain name attached to that IP in my DNS, of course)?
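The setup described above in ASA CLI form, as an added example that is not from the post. The interface names soa and outside, the server address x.x.x.110, the outside address y.y.y.y and the 8.8.8.8 test source come from the question; the object and ACL names, the inside test host x.x.x.50, and the ASA 8.3+ syntax are assumptions. The two `packet-tracer` lines reproduce the two ASDM tests; the final stanza is the usual hairpin (U-turn) NAT for this scenario and is offered as the editor's suggestion, not something the post states.

```cisco
! Added example, not from the post. ASA 8.3+ object NAT syntax is assumed;
! soa/outside, x.x.x.110 and y.y.y.y come from the question.
! A network object carries only one NAT statement, so a port-based static
! translation needs one object per port: the two "static NAT rules" in ASDM.
object network web-http
 host x.x.x.110
 nat (soa,outside) static interface service tcp www www
object network web-https
 host x.x.x.110
 nat (soa,outside) static interface service tcp https https
!
! On 8.3+ the inbound ACL on outside matches the real (untranslated) address.
access-list outside_in extended permit tcp any host x.x.x.110 eq www
access-list outside_in extended permit tcp any host x.x.x.110 eq https
access-group outside_in in interface outside
!
! Test 1, from the Internet (source 8.8.8.8 as in the post): expected to pass.
packet-tracer input outside tcp 8.8.8.8 12345 y.y.y.y 80
! Test 2, from an inside host (x.x.x.50 is an assumed address): the case the
! post reports as stopping at the catch-all deny. Nothing above translates
! y.y.y.y for a packet that arrives on soa and would have to leave via soa.
packet-tracer input soa tcp x.x.x.50 12345 y.y.y.y 80
!
! Editor's suggestion (hairpin NAT): let a flow enter and leave the same
! interface, map y.y.y.y back to the server for inside sources, and hide the
! inside source behind the soa interface so the server's replies come back
! through the ASA instead of going directly to the client.
same-security-traffic permit intra-interface
object network soa-net
 subnet x.x.x.0 255.255.255.0
object network web-real
 host x.x.x.110
object network outside-ip
 host y.y.y.y
object service svc-http
 service tcp destination eq www
object service svc-https
 service tcp destination eq https
nat (soa,soa) source dynamic soa-net interface destination static outside-ip web-real service svc-http svc-http
nat (soa,soa) source dynamic soa-net interface destination static outside-ip web-real service svc-https svc-https
```

After adding the hairpin rules, rerunning the second `packet-tracer` line should show the NAT phase matching the (soa,soa) rule before the ACL check; if it still stops at the soa access list, the inbound ACL on soa needs a permit for the translated destination x.x.x.110 on ports 80 and 443.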
