ASA5505 inside loop back to inside based on outside address?

12 years 10 months ago #36883 by Daemonic
Hiya,

Further to my other post, I have re-jigged the topology as follows:
[code:1]
NET <--> RTR <--> ASA5505 <--+--> WEBSERVER
                             +--> INSIDE
RTR = 192.168.1.1/24
ASA5505 = 192.168.1.100/24, 10.0.0.1/24
WEBSERVER = 10.0.0.5/24
INSIDE = 10.0.0.6/24[/code:1]
My config is now as follows:

Interfaces:
[code:1]
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.100 255.255.255.0[/code:1]
ACL/PAT/ROUTE:
[code:1]
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq www
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq https
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq ssh
access-list outside_access_in extended permit icmp any any echo-reply
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.0.0.5 www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
[/code:1]
I can do the following:
  • INSIDE can access the internet - good
  • INSIDE can access WEBSERVER using 10.0.0.5 - good
  • WEB can access WEBSERVER using 192.168.1.100 - good
What I would like to also be able to do is for the INSIDE machine to somehow loop back through the ASA to access the WEBSERVER using the outside address.

Is this possible? If so, could anyone point me in the right direction? Everything I've tried so far has failed :(