PIX, Public address and alias???

galfonzo · ‎06-02-2004

I have a PIX 506e running 6.2. There is a W2K server on the inside running phone system software. It is a web interface running through IIS. I have a static entry in the pix for the W2K server. The Vendor's software requires the firewall or NAT to be able to do a "U Turn" with the public IP address. WHen local users access the web site with the private ip address, the software redirects the request to the public ip address. The nat or firewall device then is supposed to redirect this back to the server. My understanding is the PIX is not supposed to be able to do this. Is there a work around for this with the Alias command? I have tried several ways to get around this but have not been successful. This is expensive software and I have to make it work. Hope this is clear enough

Thank you,

Dale

ehirsel · ‎06-02-2004

Are the users coming in using the pix outside interface? Or do they reside on the internal network too?

If the users and the server are off of the same interface, the pix will not be able to redirect back thru that interface, whether or not aliases are configured. In that case, the server needs to be off of a different interface - if the pix only has two ports, then update the code to 6.3 to use logical interfaces. I could go on, but I need my questions answered first to understand your topology.

galfonzo · ‎06-04-2004

Only 2 interfaces on the PIX. Server and users on same interface. I can upgrade PIX to 6.3(3). I am not that familiar with logical interfaces. Any Cisco.com resources easy to find?

galfonzo · ‎06-04-2004

The PIX is a 506e. I just read that it does not support logical interfaces.

Dale