CSS/ASA can users on the inside access the VIP by its Public IP address
Posted by Peter Kurdziel on October 19, 2009
I’ve an ASA with a DMZ on which the CSS is connected.
Outside users connect to a public IP address which is statically NAT’d to the VIP on the CSS.
All is working well, but the customer wants to be able to use the public IP address (or DNS) from the inside network of the ASA.
If your existing static looks something like this for access from the outside…
static (dmz,outside) 184.108.40.206 220.127.116.11 netmask 255.255.255.255
all you have to do is add this static
static (dmz,inside) 18.104.22.168 22.214.171.124 netmask 255.255.255.255
Then anyone on the inside going to 126.96.36.199 will be sent do 188.8.131.52 in the dmz.