09-29-2003 10:11 AM - edited 03-09-2019 04:58 AM
I have PIX firewall version 6.22. I have a website which can be accessed by name or by IP address from inside the network. But when I try to use an outside IP address, it doesn't find it. Is this a DNS issue? Or is it a firewall configuration issue? Or will it not work by outside address from inside?
Please help me out. Thanks
09-29-2003 11:59 AM
This is usually a PIX config issue. Depending on your setup you can have internal users use the public and still get to the server. My advice is to get a domain name for that IP address. That way both internal and external users can get to it with no configuration changes on your PIX. Then put a DNS entry on your DNS server that references the domain name and points to the private. That way your internal users don't have to go out and come back in on the PIX.
10-28-2003 06:00 AM
Are you trying to access your website using the public IP/FQDN while sitting in the same LAN segment where the actual webserver is located? If yes, possibly the PIX isn't supporting loopback translation. Try accessing it from the external world using its public IP address. Here I'm taking for granted that you have set up static destination NAT correctly.
If it can't be accessed from anywhere outside using the IP address then you may need to verify your NAT.
10-28-2003 08:43 AM
This is a common problem when doing NAT on the PIX. You will need to do "DNS doctoring"; please check the following link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml
11-04-2003 08:55 PM
There are 2 things to try. DNS Doctoring and Destination NAT. I've had to use both, depending on the situation:
1) The server is physically located on the same side subnet/PIX interface that you are.
In this instance, DNS Doctoring will probably work.
Internal IP Address: 192.168.1.10
Public IP Address: 12.2.2.2
alias (inside) 192.168.1.10 12.2.2.2
2) The server is located in the DMZ. In this case, you "flip" the order of the addresses in the alias command.
Internal IP: 172.17.1.10
Public IP: 12.2.2.2
alias (dmz) 12.2.2.2 172.17.1.10
DNS doctoring "doctors" the DNS replies from an external DNS server. The address translated is the address embedded in the A-Record for the host whose name is being resolved by the DNS server. DNS doctoring is necessary when an internal client needs to connect to an internal server by its hostname and the DNS server is outside the PIX.
With Destination NAT, the PIX translates the destination IP address of an application call. This is necessary when you want an application call (web browser) from an internal client to a server in a perimeter network to use the server's external IP address. DNAT doesn't "doctor" the DNS reply; it basically NATs it.
Hope this helps.
10-31-2003 10:17 PM
DNS issue.