
access web server from inside

igorb1978
Level 1

Hi, I have a 2611XM router; behind it I have a PIX 515E, and after that I have my corporate network. Our web server is plugged into the DMZ zone on the PIX firewall. Internet users can access our web server, but employees can't access the web server with www.webname.com. They have to type the private IP address in their browser: http://192.168.6.6. I would like employees to reach the web server the way Internet users do. Maybe I should set up a static route on the router? If you have any ideas, thanks a lot.

Thomas.


frennzy
Level 1

You have what is known as a split-horizon DNS issue. I'm assuming that you are using external DNS for name resolution, or that you have a Windows AD environment, with a domain that matches your external website name.

All you really need to do is update your internal DNS to point to the '192.168.6.6' address for that hostname. If you don't have internal DNS, you can add the entry to your clients' 'hosts' file.

You can confirm this to be split horizon DNS by pinging the website from an internal client. If the address returned from a lookup is your external IP (for example, 62.x.x.x) then the PIX is working like it should. (It won't support 'horseshoe' routing, meaning that your internal clients try to go to an external address, but since that external address actually gets NATed back to an IP in your DMZ, the PIX won't do it.)

It's possible I am misunderstanding your setup, though.

I have an internal DNS server. How do I update my internal DNS to point to the '192.168.6.6' address for that hostname? Should I create a new "reverse lookup zone"?

Thanks for your fast reply

Okay...one more question:

Is this internal DNS authoritative for your domain? In other words, are you using that DNS server to either respond to DNS requests from outside, or are you using it as your primary maintenance point and doing zone transfers to a public DNS server?

If not, you can just add the address of www.website.com or whatever in your forward lookup zone.

If you *are* using that DNS server to supply the rest of the world with your web server's address, you will need to either add a slightly different hostname and teach your users to connect to that hostname (with the 192.68.6.6 address), or, you will need to do some other sort of DNS trickery. I'm no DNS guru, so you may need to look into your specific DNS server's documentation.
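
An added illustration, not part of any poster's reply: a small Python model of a DNS server that picks its answer by the client's source network, which is one form the "DNS trickery" mentioned above can take, and it goes beyond what the thread spells out. The public address, the LAN range, the DMZ mask and all function names are assumptions made for the example; only www.webname.com and 192.168.6.6 come from the thread.

```python
import ipaddress

# Constructed sample data. www.webname.com and 192.168.6.6 come from the thread;
# the public address (RFC 5737 documentation range), the LAN range and the DMZ
# mask are placeholders, because the thread does not give them.
NAME, DMZ_IP, PUBLIC_IP = "www.webname.com", "192.168.6.6", "203.0.113.10"
INTERNAL_NETS = ["10.0.0.0/8"]                    # assumed corporate LAN
LOCAL_NETS = INTERNAL_NETS + ["192.168.6.0/24"]   # LAN plus assumed DMZ subnet

# Each view: (name, client networks it serves, A records). First match wins.
SINGLE_VIEW = [("external", ["0.0.0.0/0"], {NAME: PUBLIC_IP})]
SPLIT_VIEWS = [("internal", INTERNAL_NETS, {NAME: DMZ_IP})] + SINGLE_VIEW


def in_any(ip, networks):
    """True if ip falls inside any of the given CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def resolve(client_ip, name, views):
    """Answer an A query from the first view matching the client, else None."""
    key = name.rstrip(".").lower()   # names are case-insensitive, root dot optional
    for _view, networks, records in views:
        if in_any(client_ip, networks):
            return records.get(key)
    return None


def hairpin_clients(client_ips, name, views):
    """Internal clients that are handed a non-local address for name.

    They would have to reach the outside address and be NATed back to the DMZ,
    which the thread says the PIX will not do.
    """
    return [ip for ip in client_ips
            if in_any(ip, INTERNAL_NETS)
            and (answer := resolve(ip, name, views)) is not None
            and not in_any(answer, LOCAL_NETS)]


if __name__ == "__main__":
    clients = ["10.1.2.3", "198.51.100.7"]   # one inside host, one Internet host
    for label, views in (("single view", SINGLE_VIEW), ("split views", SPLIT_VIEWS)):
        answers = {c: resolve(c, NAME, views) for c in clients}
        print(label, answers, "hairpin:", hairpin_clients(clients, NAME, views))
```

With the split views, the Internet client still receives only the public address, so the private DMZ address is never handed to outside resolvers.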
