08-08-2007 05:32 PM - edited 03-11-2019 03:55 AM
Hi,
I have a PIX 515 with two interfaces, inside (10.0.0.1) and outside (200.200.201.2).
The web server ip is 10.0.0.237. I have a static translation to 200.200.201.237.
My access list is wide open...
permit tcp any any
permit udp any any
permit icmp any any
I can access the web server console, ssh, ftp, from the outside but I can't reach the app hosted on the webserver.
Is it safe to assume that if I can reach the web server console, that I should be able to reach the app too? It's the same IP and port.
Do I need a global pool and NAT if I have statics?
The app works fine when accessed from the 10.0.0.0 subnet. I'm wondering if the developers are using hard coded ip's in the code.
08-09-2007 12:01 AM
Hi
You don't need a global pool and Nat for allowing machines outside your firewall to access your web server.
If you can access the web server on all other ports but the app does not work i would go back to the app guys as you say and ask them.
It could be related to DNS lookups.
HTH
Jon
08-09-2007 02:57 AM
Thanks! This is being done in a lab environment now. We don't have a DNS server. The clients are going through two routers prior to the pix. When I take the pix out it works fine. The problem seems to occur once the address translation takes place.
08-09-2007 03:10 AM
If you think it is the NAT that is breaking it have a word with your apps guys.
Are they doing any authentication based on the IP address ?
Jon
08-09-2007 03:15 AM
Is there any way to set this up and still use 10.0.0.237 as the destination? I didn't think that would be possible since it's a private address?
08-09-2007 03:39 AM
Unfortunately not if you need to route this across the Internet no.
08-09-2007 12:50 PM
Thanks Jon! The developers found a problem with their code. I've been pulling my hair out for nothing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide