09-03-2005 02:53 AM - edited 02-21-2020 12:22 AM
Kindly see the attachment.
We have a PIX firewall in front of our application server and have assigned the application server an internal IP address. We configured PAT to allow our clients to get Internet access and configured a static NAT entry to map one of the external IPs to our application server. Our client machines and application server are on the same PIX inside interface.
Now clients are accessing the Internet perfectly and Internet users can access our application server.
The problem is that we want our inside clients to access this application server using the external global address.
Ping from the inside client to the router interface is successful, but the client is unable to ping our application server using the global IP.
09-03-2005 06:28 AM
In your case it's normal behavior that you can't ping the global address from inside.
Do you have a DNS name for your application server?
If true, you can use the 'alias' command as DNS doctoring for your situation. Let's take a look:
Assuming that you've configured your application's DNS record name with the global IP address and anyone can access your app. server from outside, now when a client from inside sends a DNS query, the DNS server resolves the global address and the client inside can't connect to the app. server.
In this scenario you can use the alias command as a DNS doctor to rewrite the global address with the local address, so when someone from inside requests to connect to the app. server, it resolves the local IP address for him/her and he/she is then able to access the app. server properly. Anyone can also connect to the app. server from outside the same as before (without any alteration).
alias (inside) 192.168.0.10 202.147.189.178 255.255.255.255
For more information:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml
Hope this helps.
Regards,
Mehrdad Arshad Rad
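An added illustration of the DNS reply rewrite described in the answer above; it is not part of the original post and is not PIX code. The two addresses come from the alias line in the thread, while the hostname app.example.com and all function names are assumptions, and the sample reply is constructed.

```python
import socket
import struct

GLOBAL_IP = "202.147.189.178"  # public address from the thread's alias line
LOCAL_IP = "192.168.0.10"      # inside address from the thread's alias line

def skip_name(msg, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # a 2-byte pointer always ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # the root label ends the name
            return off

def answer_rdata(msg):
    """Yield (rtype, rclass, rdata_offset, rdlen) for each answer record."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12                                    # fixed DNS header size
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        yield rtype, rclass, off + 10, rdlen
        off += 10 + rdlen

def doctor(msg, global_ip=GLOBAL_IP, local_ip=LOCAL_IP):
    """Rewrite IN A answers equal to global_ip so inside clients get local_ip."""
    out = bytearray(msg)
    want = socket.inet_aton(global_ip)
    for rtype, rclass, pos, rdlen in answer_rdata(msg):
        if (rtype, rclass, rdlen) == (1, 1, 4) and msg[pos:pos + 4] == want:
            out[pos:pos + 4] = socket.inet_aton(local_ip)
    return bytes(out)

def a_records(msg):
    """Return the IPv4 addresses carried in the answer section."""
    return [socket.inet_ntoa(msg[pos:pos + 4])
            for rtype, rclass, pos, _ in answer_rdata(msg) if (rtype, rclass) == (1, 1)]

def sample_reply(name, ip):
    """Constructed DNS reply: one question, one A answer using a name pointer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1) + answer

if __name__ == "__main__":
    print(a_records(doctor(sample_reply("app.example.com", GLOBAL_IP))))
```

Only the four RDATA bytes change, so the reply keeps its length and every other field; a reply carrying any other address passes through untouched, which is why outside access is unaffected.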
09-03-2005 06:44 AM
Thank you for this reply.
But if I don't have a DNS server, what is the solution? Is there any way I can access my server using the IP address, not the DNS name?
Regards,
Faraz Ahmad
09-03-2005 07:25 AM
Unfortunately, you can't access the app. server through the public IP address from inside in your case.
If you have to ping the app. server from inside through the public IP address, you should add the public IP address on your server and then apply it to NAT 0, so you have to change some configuration on your PIX (maybe on your perimeter router too).
Regards,
Mehrdad Arshad Rad
09-04-2005 08:15 PM
Hi,
"Unfortunately, you can't access the app. server through the public IP address from inside in your case.
If you have to ping the app. server from inside through the public IP address, you should add the public IP address on your server and then apply it to NAT 0, so you have to change some configuration on your PIX (maybe on your perimeter router too)."
How would the PC communicate with the server, provided they belong to different networks? Does it mean an internal router is required?