Access server through its public IP from behind SA520

Status
Not open for further replies.

fs483

Technical User
Jul 7, 2002
977
CA
Hello,

I went to replace a Linksys router with a SA520W for a customer. When testing their applications, I discovered one of their in-house developed applications uses the server's public IP address instead of a hostname or internal IP. The Linksys router didn't seem to mind that an application from behind the Linksys would attempt a connection to the public IP of the server. I know the PIX series forbids this kind of behavior and I guess the ASA and the SA probably have the same limitation. Now, there's no way to change the hard-coded IP in the application. What can I do to bypass this restriction? If the hard-coded IP was a hostname, then I would simply create a host record in the Windows Server DNS and redirect it to an internal IP, but that's not the case. I tried using the hosts files on the workstations but they only allow hostname to IP also. Any ideas?


Thanks
fs483
 
Try destination NAT:
Code:
static (outside,inside) <public_ip> <private_ip> netmask 255.255.255.255

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Try creating a new zone and create rules specific for this application. Does it use HTTPS?
 
Please explain creating a new zone? Are you referring to accessing the GUI of the SA through HTTPS?
 
I finally solved the problem. I managed to find a copy of the application that didn't have the IP hardcoded. Everything works fine now.

I was planning on ordering another one of these SA520Ws for another customer but I think I'm going to stick with an ASA5505. I know CLI is a bit hard to understand but I've always configured PIX and ASA using CLI. The only thing I like about the GUI is being able to view the logs and usage statistics in real time. Things never seem to go well when using the wizards for me.

Thanks,
 
I'm still curious about the Zones and will give it a try. The executable on the laptops for the rep outside the office still has the public IP hard-coded, which works fine when they are outside the network. However, when they come into the office, they might encounter the same problem. Having the zones properly set up avoids that problem.

Thanks,
fs483
 