Saturday, February 23, 2013

Cisco ASA 8.4 Static PAT - Can't access your external website internally?

Ah the ASA, nothing like a good headache for a Saturday night. I just set up my ASA5515-x and got my external port forwarding set up (guide) and my internally hosted webserver live. It would resolve on my phone or a remote computer just fine. Locally, it would just time out. In 8.4 they removed the DNS rewriting found previously. Here is the solution.

External IP: 50.50.50.50
Internal Webserver IP: 192.168.2.30

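! Public address that internal clients resolve for the site
object network Public_Server
 host 50.50.50.50

! Real address of the web server on the inside network
object network Internal_Server
 host 192.168.2.30

! Hairpin NAT: inside clients connecting to 50.50.50.50 are redirected to 192.168.2.30.
! Their source is translated to the ASA's inside interface address, so the
! web server sees the ASA, not the individual client, as the source.
nat (inside,inside) source dynamic any interface destination static Public_Server Internal_Server

! Allow traffic to enter and leave through the same interface
same-security-traffic permit intra-interface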

Works great now!

https://supportforums.cisco.com/thread/2157443
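
An added example, not part of the original post: a small Python check that reads ASA configuration text, finds same-interface (hairpin) twice-NAT rules like the one above, and reports whether intra-interface traffic is permitted and whether the rule hides client addresses from the web server. The function names and the sample config string are constructed for illustration, and only `host` objects are resolved.

```python
import re

# Constructed sample: the configuration from this post, with ASA-style indentation.
SAMPLE_CONFIG = """\
object network Public_Server
 host 50.50.50.50
object network Internal_Server
 host 192.168.2.30
nat (inside,inside) source dynamic any interface destination static Public_Server Internal_Server
same-security-traffic permit intra-interface
"""

# Twice NAT: nat (real_if,mapped_if) source <kind> <real> <mapped> [destination static <mapped> <real>]
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) source (?P<kind>static|dynamic) "
    r"(?P<src_real>\S+) (?P<src_mapped>\S+)"
    r"(?: destination static (?P<dst_mapped>\S+) (?P<dst_real>\S+))?"
)
INTRA = "same-security-traffic permit intra-interface"

def parse_host_objects(config):
    """Map each 'object network NAME' to the address on its 'host' line."""
    objects, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line: enter or leave an object block
            m = re.match(r"object network (\S+)", line)
            current = m.group(1) if m else None
        elif current and (h := re.match(r"\s+host (\S+)", line)):
            objects[current] = h.group(1)
    return objects

def audit_hairpin(config):
    """Report twice-NAT rules whose real and mapped interfaces are the same."""
    lines = [l.strip() for l in config.splitlines()]
    objects = parse_host_objects(config)
    findings = []
    for m in filter(None, map(NAT_RE.match, lines)):
        if m["real_if"] == m["mapped_if"]:
            findings.append({
                "interface": m["real_if"],
                "public_ip": objects.get(m["dst_mapped"]),
                "server_ip": objects.get(m["dst_real"]),
                "intra_interface_permitted": INTRA in lines,
                # Source PAT to the interface: the server logs the ASA, not the client.
                "client_ip_hidden": m["kind"] == "dynamic" and m["src_mapped"] == "interface",
            })
    return findings

print(audit_hairpin(SAMPLE_CONFIG))
```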

1 comment:

  1. Have you ever looked into split brain DNS? Might save you even more headaches in the end
