
Name resolution problem on 4 interface Cisco PIX firewall

chrisalbert241
Level 1

Good day!

I'm having quite a hard time doing this project of mine, guys, and it concerns name resolution from the inside hosts to a web server on another interface.

Well, the setup is this: I have a Cisco PIX 515E firewall and it has 4 interfaces. The interfaces are outside, inside, dmz1 and dmz2, and they are on different subnets. I'm concerned with the last three interfaces because traffic can go outside. DMZ1 contains a WEBSERVER in the subnet 10.10.30.0/24, while DMZ2 contains a DNS server available for outside and inside access; its subnet is 10.10.10.0/24. The INSIDE interface is on the 192.168.1.0/24 subnet.

Users at the OUTSIDE can access the WEBSERVER through its FQDN, and all inside users can access the Internet. However, the inside users cannot access it, even if you type the webserver's public IP address or FQDN in the web browser. The private IP address of the WEBSERVER is 10.10.30.11 and the DNS server's IP is 10.10.10.3.

Will issuing "static" commands with the dns subcommand on the three interfaces be of help?

Can anyone suggest probable solutions for this?

Thank you very much.

Chris

1 Reply

sachinraja
Level 9

Hi Chris,

You cannot access the webserver on the public IP since the packet never traverses the outside interface. The packet transfer is only between the inside and the DMZ interfaces.

When you ping the webserver FQDN from inside, are you getting the public IP in the response? I think you might have to configure the alias command on your PIX. Just check the following URL for the details.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml#int

Do let us know if this helps.

Raj
