
My servers are NATed 1:1 as follows: i.i.i.i maps to x.x.x.x, where i is an internal IP and x is the external IP.

From an i.i.i.i machine, I cannot access x.x.x.x resources...

What special configuration might be necessary to allow looping out, then back in on these firewalls?

Thanks.

Novox

2 Answers


Found this, "http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml" It explains "DNS Doctoring" which causes DNS lookups to be translated from the external IP to the internal IP, and therefore allows me to access internal servers (but isn't exactly the solution I was looking for).

Novox

Allowing traffic back through an interface on a Cisco PIX/ASA appliance, such as when a client accesses a NATed server through its public IP, is called NAT hairpinning.

It uses essentially the same configuration parameters as usual, but with the addition of this command:

same-security-traffic permit intra-interface

and a second static mapping for inside-to-inside traffic to the server:

static (inside,inside) x.x.x.x i.i.i.i netmask 255.255.255.255

This is described in detail complete with a configuration example here for a two-interface design: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#solution2

And here is a Destination NAT alternative for a three-interface design: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#solution2

ErikE
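A complete two-interface configuration that ties these pieces together, added here as an illustration; it is not taken from the answer above or from Cisco's document. It uses ASA 8.2-era (pre-8.3) NAT syntax, and the interface names, the 10.1.1.0/24 and 203.0.113.0/24 address ranges and the access-list name are constructed.

```text
! ASA 8.2-style configuration (pre-8.3 NAT syntax). Addresses are constructed:
! 10.1.1.0/24 is the inside LAN, 203.0.113.0/24 stands in for the public range.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Let a packet enter and leave the same interface (the "hairpin").
same-security-traffic permit intra-interface
!
! Ordinary outbound PAT for the inside LAN.
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0
!
! 1:1 static for Internet clients: public 203.0.113.10 -> server 10.1.1.10.
! Argument order is "static (real_ifc,mapped_ifc) mapped_ip real_ip".
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
!
! Second static so inside clients that connect to 203.0.113.10 are also
! translated to 10.1.1.10 when the flow turns around on the inside interface.
static (inside,inside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
!
! Assumption: client and server share the 10.1.1.0/24 subnet. The server must
! not reply to the client directly (bypassing the firewall and breaking the
! translation), so the client's source is PATed to the inside interface
! address for the hairpinned flow.
global (inside) 1 interface
!
! Only the published service is reachable from the outside.
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```

To confirm the hairpin is taking effect, `show xlate` should list both statics, and `packet-tracer input inside tcp 10.1.1.50 1025 203.0.113.10 80` walks the flow through the intra-interface check and both translations. Note that ASA 8.3 and later replaced `static`/`global`/`nat` with object NAT, so the same design is expressed differently there, though `same-security-traffic permit intra-interface` is still required.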