Worked on Linksys but now on PIX

jkrawczyk · ‎05-16-2005

Hi;

I've replaced my Wal-mart linksys firewall router with a PIX 506E. The only problem I'm having is accessing from my inside interface, servers that reside on my inside interface but resolve to IP addresses on my outside interface. I can access my inside servers form the internet but not from my inside.

I'm thinking that I need to do a nat 0 so that my inside to outside interface will not be nat'd.

Confusing topic, I expect no replies but thoughts would be appreciated.

Regards

Jeff

gfullage · ‎05-16-2005

This is not going to work on a PIX unfortunately. The PIX does have a feature called "destination-NAT", where you would send packets to the external address, but the PIX would then forward them onto the internal address, but this only works when the server is on a DMZ interface. The PIX won't route a packet back out the same interface it came in on, no way around it unfortunately.

You'll could set up an internal DNS server that is only authoritative for this particular server address (and would resolve it to the internal IP address), and that would forward all other requests to your external DNS server as normal.

Or simply reference the server via its internal IP address rather than its name when you're on the inside.

a.alekseev · ‎05-16-2005

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml