Re: Question on firewall configuration

coreizero · ‎05-02-2012

Hi

The above configuration is the sketch of my network with PIX firewall 515E. 200.2.xx.xx are the public IPs.

It has been configured that if someone through Internet access specific services like http

of 200.2.xx.xx is routed through to local address 192.168.0.240. Anyone can access

the sevice using the domain name or the public address 200.2.xx.xx. When it is in the LAN,

we can access the website using the domain name but not with the public IP address.

But accessing via local address is successful like http://192.168.0.240. Is there a way to re-route

the traffic to the LAN address if someone inside the LAN access the service using the public address?

Please help me.

Actually, I need to configure a server that will only use IP address. But both inside and outside users

should be allowed to access the service using the public IP address. So far, users have to use

public IP when they are at home and private IP when they are in the LAN. Thank you.

a.matahen · ‎05-03-2012

Hello Refg,

Configuration is do-able, but you will need software version 7.2(1) at least, I recommend 7.2(4) latest interim.

What is the firmware version running on your PIX appliance?

Ahmad

coreizero · ‎05-04-2012

Thanks, Ahmad.

I do not have 7.2 right now and I am not authorised to do the upgrade. There is no walkaround for this?

a.matahen · ‎05-04-2012

Hello Refg,

Unfortnately no, since commands needed were introduced in that version.

One of the commands used is same-security-traffic permit intra-interface applies to non-encrypted traffic after 7.2(1).

Ahmad