09-09-2011 12:06 AM - edited 03-11-2019 02:22 PM
Greetings.
A PIX 515E with software 8.0(4)28 connects the inside and outside networks. There are some servers in "outside" that have addresses overlapping with the internal subnets (192.168.10.25 and 192.168.10.26), and those servers have a reverse route only to a specific subnet (172.16.5.0/24). So - double NAT. Here's the config (it works fine):
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 172.16.5.1
static (outside,inside) 172.19.100.1 192.168.10.25 netmask 255.255.255.255
static (outside,inside) 172.19.100.2 192.168.10.26 netmask 255.255.255.255
route inside 0.0.0.0 0.0.0.0 10.15.0.3 1
route outside 192.168.10.25 255.255.255.255 10.17.3.1 1
route outside 192.168.10.26 255.255.255.255 10.17.3.1 1
(and a route to 172.19.100.2 on the first hop in the inside network).
Now to the problem. 192.168.10.26 is an HTTP server. On the pages it has hyperlinks pointing to http://192.168.10.25; the browser tries to access that server - and, surely, fails, as the target server is only available by sending requests to 172.19.100.1, with the packets being DNAT'ed.
Is it possible to rewrite the packet's body, replacing all occurrences of <a href="http://192.168.10.25 with <a href="172.19.100.1 ? I know it's a kludge, but other options are even worse.
If PIX can't do it - who can? ASA with 8.4 software? IOS router?
09-09-2011 04:10 AM
Use your favorite search engine and search for "DNS Doctoring" and/or "DNS rewrite".
HTH
09-09-2011 04:37 AM
Not an option - there are no DNS names involved. And I can't change anything at the servers.