I have done this on an ASA running 7.2 code. It definitely works.

What happened was the inside server was, say, 10.0.0.1 with an outside address 1.1.1.1. All client traffic by default was natted to a hide address 2.2.2.2.

My PC therefore was 10.0.0.2 heading for 1.1.1.1. I was natted by the hide address so my source was 2.2.2.2. The only odd thing about it was that you then needed to permit on the outside interface inbound traffic from 2.2.2.2 going to 1.1.1.1 and everything worked.

I hope this makes sense and helps someone.

God bless the ASA

Simon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Geyer, Nick
Sent: 17 July 2008 06:16
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] NAT and hairpin's

Hi Everyone,

Just wondering if anyone has come up with a way to hairpin traffic using a Cisco router? The problem is as follows:

Say for example I have a router connecting to the Internet and an internal LAN doing normal NAT, e.g.:

203.1.2.3 -> ROUTER <- 192.168.1.0/24

(203.1.2.3 being the public IP on the "outside" interface)

I have an application that talks from clients on the Internet to an internal server (192.168.1.1), with the appropriate static NATs set up on the router to forward the traffic. The problem is the internal clients also need to talk to the server but on the public IP address (203.1.2.3). The traffic from the internal clients will hit the router but it won't translate and forward the traffic because it's coming from the "inside" interface (and the static NAT only works for requests from the outside interface).

I don't believe it can be done but just thought I would ask in case anyone has come up with a weird and wonderful way.

Cheers,
Nick Geyer.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/