Publishing Server

reagentom · ‎11-12-2006

HI all

I have Cisco PIX 515E which has 2 interfaces, I have 4 public IP address I would like to asign 1 public IP address to publish my enternal server, I did that by Nating and it's working fine and the server is accessable from anywhere through internet except from my inside network, I can access any other IPs but not able to access any one of my public IPs..

how to solve it..

network.king · ‎11-12-2006

Hi,

I think you are trying to access with public ip . You can access from ur inside network via private ip only .

In case if you want to access with public ip , then use "alias " . But once done , you would not be able to access via private ip.

Pls ref the link :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

Pls rate all posts

Hope this helps

regards

vanesh k

reagentom · ‎11-12-2006

Thanks Vanesh

I think my case is different, I will expalin to you what I mean, I have server in my internal network with IP 1.1.1.1 and I have public IP 2.2.2.2 and there is Nating running inside PIX to route any trafic comming from internet to 2.2.2.2 to 1.1.1.1, it's working proberly

the problem is from internal PC with IP 1.1.1.2 I want to access this server but through internet, meaning if I called 2.2.2.2 I should be able to access the server through internet like any other user over the internet

is it possible ??

Sureshdank · ‎11-12-2006

If you provide internet access to ip 1.1.1.2 then it can also access ip 2.2.2.2. Without internet access how it can.

The best thing what you should do it configure ALIAS and access the server as vaneesh told you in last post.

Regards,

Suresh Jain

reagentom · ‎11-12-2006

sure I have internet access for host 1.1.1.2 but I am not able to access the server 1.1.1.1 through it.

Sureshdank · ‎11-12-2006

R u able to ping that server from that machine.

Can you please paste the ping and traceroute results.

Regards,

Suresh Jain

reagentom · ‎11-12-2006

No. I am not able to ping the public IP it's giving time out, but sure I am able to ping the private IP

Sureshdank · ‎11-12-2006

what about traceroute results. Where is ur packet getting blocked.

reagentom · ‎11-13-2006

it's reaching my gateway only ..

Sureshdank · ‎11-13-2006

What about other sites from that system, r u able to browse.

Did you permit ICMP in your PIX.

reagentom · ‎11-13-2006

Dear Sureshdank

Thanks for continues help

I will tell u the full scenario

1- My internal network is NATED to external interface

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

2- I have server on my interanal network with IP 10.3.2.2

3- I want to publish this server to the internet.

static (inside,outside) 82.1.1.2 10.3.2.2 netmask 255.255.255.255 0 0

4- this rule is working from anywhere through internet and any one can access my server by calling IP (e.g. 82.1.1.2).

5- any PC in my internal network are not able to see this public IP (82.1.1.2) even I will allow any any connection

when I am ping the public IP from internal network its time out

tracrt showing only up to my gateway which is my router interface.

Sureshdank · ‎11-13-2006

Can you please paste your router and PIX configuration.

reagentom · ‎11-13-2006

pls find attached

Sureshdank · ‎11-13-2006

I think NAT is not happening when on firewall. In your configuration you have given the below,

global (outside) 1 interface ---- What does interface means. Try giving it with IP address.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

reagentom · ‎11-14-2006

this is used to NAT group to group

I tried what u said but no chance.