Using a nat rule to translate 80/443 traffic to web server, but internal users cannot access it using external ip/domain name
Posted
by
Josh
on Server Fault
See other posts from Server Fault
or by Josh
Published on 2012-10-29T15:24:48Z
Indexed on
2012/10/29
17:04 UTC
Read the original article
Hit count: 242
I am using Cisco ASDM for ASA
I have my internal network called soa. My outside interface is called outside. Let's say my outside IP given to me by my ISP isp is y.y.y.y I have a web server inside my network with a static ip of x.x.x.110. I have configured 2 static nat rules (one for http the other for https).
Source is x.x.x.110. Interface is outside, service (http or https).
Maybe I am doing this wrong, but when I run the packet tracer, I choose outside interface and for the source IP I used 8.8.8.8 and the destination ip is my outside IP address, y.y.y.y
When I run that, it shows the packet traversing successfully, using 9 steps.
For my other test, I switch to the soa interface, input an ip on that network, and leave the destination the same. This test comes up with 2 steps and then fails on my access list.
When I see the rule that fails, it is my catch all which is source: any desitnation: any, service: ip action: deny.
What rule do I need to make to allow my soa network access to go out and come back in by my external IP addess (using a domain name attached to that ip in my dns, of course)?
© Server Fault or respective owner