Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
4
Replies

Internal Website and Pix 515

c-elliott
Level 1
Level 1

‎09-23-2002 07:28 AM - edited ‎02-20-2020 10:15 PM

We are running into a problem between our Pix and internal website. Internal users will suddenly lose the ability to resolve the website. You can do a clear xlate and everything will go back to normal. Has anyone ran into this before? Is this a global pool issue?

0 Helpful
4 Replies 4

steve.barlow
Level 7
Level 7

‎09-23-2002 10:34 AM

Might be a bug: CSCdy58717

Is it only happening for that web site? If yes, is it on the DMZ?

Steve

0 Helpful

c-elliott
Level 1
Level 1
In response to steve.barlow

‎09-23-2002 10:41 AM

The website is in the DMZ, and is the only server that is effected.

0 Helpful

steve.barlow
Level 7
Level 7
In response to c-elliott

‎09-23-2002 11:06 AM

Can you post the relevant config (nat, global, statics, acls etc)? Does your DNS resolve the IP to the public or private IP of the server?

0 Helpful

jtnim
Level 1
Level 1

‎09-24-2002 11:26 PM

Global pool IPs might run out if you only have NAT configured for DMZ. Configure one IP for PAT, something like:

global (dmz) 1 10.10.2.10-10.10.2.20 netmask 255.255.255.0

global (dmz) 1 10.10.2.21 netmask 255.255.255.0

The first line is NAT and the second line is PAT. If the NAT addresses (10 to 20) run out, the firewall will assign the PAT address (21). Here DMZ network would be 10.10.2.0/24 and the web server e.g. 10.10.2.2. Also check that you have defined alias for the web server's public IP, something like:

alias (inside) 123.123.123.34 10.10.2.2 255.255.255.255

-- Rubio

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card