Skip to main content

Same-interface Hairpin

(2017-05-31)

Problem

I have a server on my dmz at 192.168.1.10, with a public IP of 1.1.1.1. I need another server on the 192.168.1.0/24 network to be able to access .10 through its public IP.

Solution

object network LAN
 subnet 192.168.1.0 255.255.255.0
object network PUBLIC
 host 1.1.1.1
object network LOCAL
 host 192.168.1.10
nat (inside,inside) source dynamic LAN interface destination static PUBLIC LOCAL

(Source)