So what happened to the CPU of the ASA when the PC and server started sending 100Mbt of data to each other? Or was one of them running 10BaseT, half-duplex?
Ted > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Fawcett Simon > Sent: Thursday, July 17, 2008 3:40 AM > To: Geyer, Nick; [email protected] > Subject: Re: [c-nsp] NAT and hairpin's > > > I have done this on an ASA running 7.2 code. It definitely works > > What happened was the inside sever was say 10.0.0.1 with an outside > address 1.1.1.1 all client traffic by default was natted to a hide > address 2.2.2.2. > > My pc therefore > > Was 10.0.0.2 heading for 1.1.1.1. I was natted by the hide address so > my source was 2.2.2.2. > > The only odd thing about it was that you then needed to permit on the > ouside interface inbound traffic from 2.2.2.2 going to 1.1.1.1 and > everything worked. > > I hope this makes sense and helps someone > > God bless the ASA > > Simon > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Geyer, Nick > Sent: 17 July 2008 06:16 > To: [email protected] > Subject: [c-nsp] NAT and hairpin's > > Hi Everyone, > > > > Just wondering if anyone has come up with a way to hairpin traffic using > a Cisco router? The problem is as follows; > > > > Say for example I have a router connecting to the Internet and an > internal LAN doing normal NA, e.g; > > > > 203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on > the "outside" interface) > > > > I have an application that talks from clients on the Internet to an > internal server (192.168.1.1), with the appropriate static NAT's setup > on the router to forward the traffic. The problem is the internal > clients also need to talk to the server but on the public IP address > (203.1.2.3). The traffic from the internal clients will hit the router > but it wont translate and forward the traffic because its coming from > the "inside" interface (and the static NAT only works for requests from > the outside interface). > > > > I don't believe it can be done but just thought I would ask in case > anyone has come up with a weird and wonderful way. > > > > Cheers, > > > > Nick Geyer. > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
