Cisco ASA Hairpin Internal Server

Hello John

Hairpinning will indeed solve your problem if you simply want the server to reach the outside address of the web server. This is what is being described in the lesson.

However, if you are not able to ping the private address, and if you want to further troubleshoot that reason, you have to keep the following in mind. You have a server with a 10.2.55.X address, and a web server that has a 172.16.55.X address. If you want those to communicate directly, then somewhere, routing must take place. If you only have a single INSIDE interface, how is routing taking place between these two subnets? We don’t have enough information about your topology to be able to help in the troubleshooting.

In any case, an implicit rule in the ASA packet tracer simply means that either the implicit deny statement in an ACL is being met, or the rule that states that traffic can only flow from a higher security level interface to a lower security level interface. This may help you in further troubleshooting.

I hope this has been helpful!

Laz