ASA NAT/Access

[RadiclDreamer]

So I have a webserver called blah.com that has a real publicly reachable IP and my ASA does NAT so the 172.x translates to 123.x.x.x., internally clients point to my internal dns and get the internal 172.x ip.

I also have a guest wireless network that now needs access to this site, they have public, open dns servers configured which returns the external IP when queried. The guest wireless also hangs off a separate interface on the firewall. What would I need to do to allow the guest wireless users who are getting the 123.x.x.x address to connect to this internal site?

I know my explanation sucks, so feel free to ask for clarification on anything.

 

[dave_the_nerd]

Assuming you can't point the Guest WiFi at the corporate DNS servers, you'd need a DNS server on the Guest WiFi LAN that knows about the local address(es) you want accessible, and which forwards the rest of the requests to OpenDNS.

Fairly easy to do with Ubuntu/DNSMasq (it's the setup I use at home.)

Or you can reconfigure your router so internal traffic bound for your external IP is routed properly. But I've seen that _not_ work often enough that it's probably harder than I think it sounds.