Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1145
Views
0
Helpful
1
Replies

PIX internal clients can't access static global address of internal servers

xuexinxu
Level 1
Level 1

‎03-23-2002 07:09 AM - edited ‎02-20-2020 10:00 PM

PIX515-UR got two net card, outside ip: o1.o2.o3.o4,inside ip: i1.i2.i3.i4, PAT is enable, outside interface's ip is used by PAT. and an internal WEB server's IP: w1.w2.w3.w4, it is the same subnet with i1.i2.i3.i4, and static map on PIX: s1.s2.s3.s4--> i1.i2.i3.i4, s1.s2.s3.s4 is the same subnet with o1.o2.o3.o4. internal client can access internal normally, but can't access the IP s1.s2.s3.s4, cause some of the URL written in the WEB server is fixed to http://s1.s2.s3.s4/..., how to make the internal client to access the web server by its global address: s1.s2.s3.s4?

0 Helpful
1 Reply 1

bdube
Level 2
Level 2

‎03-24-2002 08:59 AM

For sure, you cannot access s1.s2.s3.s4 address from inside. I don't know any way to achieve that. Your URL should use "host name" instead of IP address. It's a best practice to use "host name" or i should write a mandatory practice when designing a web site, "never use ip addresses directly". When you use host name in URL, i know two ways to convert them to real address, as seen by internal users. The way you choose is depending of your DNS position and configuration:

1- You have internal DNS only just for internal users, this way, you write the real address in this DNS. Outside users use an ISP DNS where your primary and your secondary DNS are hosted.

2- Don't have a dedicated internal DNS, use public DNS (primary & secondary), hosted by an ISP or in your DMZ, then that way you must use "alias" command.

Regards,

Ben

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card