09-23-2002 07:28 AM - edited 02-20-2020 10:15 PM
We are running into a problem between our Pix and internal website. Internal users will suddenly lose the ability to resolve the website. You can do a clear xlate and everything will go back to normal. Has anyone ran into this before? Is this a global pool issue?
09-23-2002 10:34 AM
Might be a bug: CSCdy58717
Is it only happening for that web site? If yes, is it on the DMZ?
Steve
09-23-2002 10:41 AM
The website is in the DMZ, and is the only server that is effected.
09-23-2002 11:06 AM
Can you post the relevant config (nat, global, statics, acls etc)? Does your DNS resolve the IP to the public or private IP of the server?
09-24-2002 11:26 PM
Global pool IPs might run out if you only have NAT configured for DMZ. Configure one IP for PAT, something like:
global (dmz) 1 10.10.2.10-10.10.2.20 netmask 255.255.255.0
global (dmz) 1 10.10.2.21 netmask 255.255.255.0
The first line is NAT and the second line is PAT. If the NAT addresses (10 to 20) run out, the firewall will assign the PAT address (21). Here DMZ network would be 10.10.2.0/24 and the web server e.g. 10.10.2.2. Also check that you have defined alias for the web server's public IP, something like:
alias (inside) 123.123.123.34 10.10.2.2 255.255.255.255
-- Rubio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide