accessing outside address from inside lan

yaccad
Level 1

I have a web server on the inside interface of the PIX version 6.1 Firewall. It is mapped to an outside public address. I want my inside users to be able to access this server by its DNS name or outside address. How can this be done?

Any help appreciated.

5 Replies

bsaenz
Level 1

You have to use the alias command mapping the public IP address to the private one so when the resolution with your DNS server takes place it will strip the public IP address request from the DNS records and replace it with the resolution to the private (internal) IP address and resolve correctly.

Here is an example:

alias (inside) 255.255.255.255

I hope that this helps.

Thanks for your reply. My problem is that my DNS server is on the inside as well as the web server. My understanding is that the alias command would only work if my DNS server is on the outside. Is there anything else I can do to get around this problem?

Thanks

Hi,

Do DNS doctoring instead. In DNS doctoring the PIX "changes" the DNS response from the DNS server to be a different IP address than the DNS server actually answered for the given name. This is used when you want the actual application call from the internal client to connect to the internal server by its internal IP address.

Example (notice in this case the public IP and private IP are switched from my previous suggestion):

alias (inside) 10.10.10.10 99.99.99.99 255.255.255.255

This command sets up DNS doctoring. It is initiated from the clients in the "inside" network. It watches for DNS replies that contain 99.99.99.99, then replaces the 99.99.99.99 address with the 10.10.10.10 address in the "DNS Reply" sent to the client PC.

Make sure you have your static routes already set or it will not work.

Thanks for your help,

Does this work, though, when my DNS server is on the inside of the PIX? I have tried doing it and it doesn't seem to work. I have seen documentation that suggests this doesn't work if the DNS server is on the inside.

Thanks again.

rsnider
Level 1

You may try defining the host name and address of the web server in a local host file on each inside PC, if your network is not too large.