Cannot access my web site from the LAN

ccfcfirst5
Level 1

Hi,

We just replaced the old firewall with the ASA 5510. We have two web servers inside the LAN. I can access the web servers from outside our network. The web servers are NATted. From inside I cannot access the web site, so I changed my DNS settings so that if I browse my site it looks inside the network (i.e. the private IP). From the main site I have a link that takes me to the second web server. When I hit it I get a "page not found" error. The problem is that it is looking for the public IP address (not the local IP). How can I fix this? Also, I cannot ping or tracert to my web servers' public IP address. Please help.


zulqurnain
Level 3

Hi,

Firstly, there are a lot of questions, so let's take them one by one.

1. Your web servers are NATted to a public IP address? TRUE

2. You cannot ping or tracert on the PIX unless you allow it through ACLs. To test, you can do this if you are tracing from inside to outside:

access-list acl_out permit icmp any any unreachable

access-list acl_out permit icmp any any time-exceeded

access-list acl_out permit icmp any any echo-reply

acl_out = the name of your ACL, whichever one is configured on your outside interface.

Yes, the web servers are NATted to a public IP address.

From inside the LAN, when I click the web site it is trying to connect to the public IP address and it gives "page not found".

For you to be able to access your internal web servers that are mapped to a public IP, so that they can be accessed via the public IP name by both Internet and internal users, check the alias and DNS Doctoring feature.

The following example explains the config:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

HTH

AK

Did not work.

Hi everyone, I've got the same problem with PIX 6.3.5. From the outside the web server is reachable without problems; from the inside, when a client tries to connect to the web server using the public IP defined with the static, it doesn't work. In the log I see the "built inbound connection" but I am unable to view the web page. Is a particular NAT configuration necessary to permit this connection? Thanks to everybody and sorry for my English.

jmayes
Level 1

To access from the inside, why not simply add the web site name to your internal DNS server using an inside address (either NAT a DMZ address to the inside or transparent NAT yourself to the DMZ and use the address of the server in the DMZ)?

This would resolve the name correctly using the internal DNS server for the internal IP address while allowing the world to still resolve to the external address and hit the site that way.

I think that moving the server from the inside LAN to a DMZ will resolve the problem. I'll test it in the next few days. Is it possible that the problem is caused by the fact that the source packet and the destination packet are on the same interface (inside)?
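
The two approaches raised in this thread (DNS doctoring, and translating traffic that enters and leaves the same inside interface), written out as an added configuration example that is not from any poster or from the linked tech note. It assumes ASA software using the pre-8.3 `static`/`nat`/`global` syntax; the addresses 192.168.1.10 (server's real IP), 203.0.113.10 (its public IP) and 192.168.1.0/24 (inside LAN) are constructed.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   192.168.1.10   web server real address on the inside LAN
!   203.0.113.10   public (mapped) address of the same server
!   192.168.1.0/24 inside LAN

! --- Option A: DNS doctoring ---------------------------------------
! The "dns" keyword makes the ASA rewrite the A record in DNS replies
! that pass through it, so inside clients are handed 192.168.1.10.
! It only helps when the client resolves a NAME and the DNS reply
! actually crosses the ASA; a link that hard-codes the public IP is
! not affected. DNS inspection must be enabled for the rewrite.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 dns
policy-map global_policy
 class inspection_default
  inspect dns

! --- Option B: hairpinning (same-interface translation) -------------
! For inside clients that connect to the public IP directly.
! Allow traffic to enter and leave the same interface:
same-security-traffic permit intra-interface
! Translate the public IP to the real server for traffic arriving
! on the inside interface:
static (inside,inside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
! PAT inside clients to the ASA's inside address on this path, so the
! server replies to the ASA rather than straight to the client
! (otherwise the return traffic bypasses the firewall and the TCP
! session never completes):
nat (inside) 1 192.168.1.0 255.255.255.0
global (inside) 1 interface
```

With Option B the web server logs show the ASA's inside address as the client for all hairpinned requests, which matters if access controls or audit trails on the server depend on the real source IP.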
