CSS/ASA can users on the inside access the VIP by its Public IP address
Posted by Peter Kurdziel on October 19, 2009
I’ve an ASA with a DMZ on which the CSS is connected.
Outside users connect to a public IP address which is statically NAT’d to the VIP on the CSS.
All is working well, but the customer wants to be able to use the public IP address (or DNS) from the inside network of the ASA.
If your existing static looks something like this for access from the outside…
static (dmz,outside) 22.214.171.124 126.96.36.199 netmask 255.255.255.255
all you have to do is add this static
static (dmz,inside) 188.8.131.52 184.108.40.206 netmask 255.255.255.255
Then anyone on the inside going to 220.127.116.11 will be sent do 18.104.22.168 in the dmz.