[c-nsp] ASA NAT problem
Tom Sutherland
tsuther at i3businesssolutions.com
Mon May 3 14:11:02 EDT 2010
maybe you're looking for "hairpinning"?:
same-security-traffic permit intra-interface
global (inside) 1 interface
static (inside,inside) {public address} {private address} netmask
255.255.255.255
On Fri, 2010-04-30 at 00:45 -0400, Eric Magutu wrote:
> Hi,
> Apologies for the cross posting.
>
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> dns doctoring with no success.
> This is what I have added in my config
>
>
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
>
> policy-map type inspect dns preset_dns_map
> parameters
> message-length maximum 2048
> policy-map global_policy
> class inspection_default
> inspect ftp
> inspect h323 h225
> inspect h323 ras
> inspect rsh
> inspect rtsp
> inspect esmtp
> inspect sqlnet
> inspect skinny
> inspect sunrpc
> inspect xdmcp
> inspect sip
> inspect netbios
> inspect tftp
> inspect http
> inspect icmp
> inspect dns preset_dns_map
> !
> service-policy global_policy global
>
>
>
> How do I verify that the dns rewrite is actually taking place? Is
> there something wrong with my config?
>
More information about the cisco-nsp
mailing list