Guys,
I really need help.
The current setup is that everything goes through 3.1, all traffic including internet. The ADSL router of 32.4.7.8 is only for internet, as the internet through the MPLS is extremely slow.
I'm trying to do hairpinning on the inside interface to the inside of my ASA.
For the host to reach the 4.0 subnet, traffic then needs to be pushed out router 3.1, and for anything else the traffic needs to be pushed out 3.10.
What I've done is set up ONE workstation to a default gateway of 3.10 and I've made the ASA do all the routing. It has two routes in there, 1: "route inside 192.168.4.0 255.255.255.0 192.168.3.1 1" 2: "route outside 0.0.0.0 0.0.0.0 32.4.7.9 5". I also have a nat command which NATs any traffic going on the outside, which is "nat (inside) 1 192.168.3.0 255.255.255.0", "global (outside) 1 interface". Going to the 4.0 is an MPLS line, therefore they are private addresses.
The ASA has the following commands for hairpinning.
same-security-traffic permit intra-interface
nat (inside) 1 192.168.3.0 255.255.255.0
global (outside) 1 interface
static (inside,inside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (inside,inside) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
Now...
What happens is that when I inserted the two static commands from above (regardless of the workstations being configured), the DHCP goes mad and the inside hosts can't get out to the MPLS, and in the DHCP server I get BAD ADDRESS. As soon as these two statics are removed everything is fine. I have these two in there because any traffic which is sent back to the inside should not be NATted and should say from the address of where it came from, and only the destination (default gateway) address should change, i.e. 3.1.
Any suggestions???
Network Diagram