
Unable to access Internal sites from Internal

rich
Level 1

Hello,

Inside users can start connections and surf the web fine. However, they cannot access web server sites located internally. The internal sites can be accessed fine externally. DNS servers reside externally. It appears the internal sites resolve the site's internal address correctly, then die. In fact, a webserver cannot pull up its own address or a site of a server next to it, but can hit any site outside. DNS issue?

Thanks!

6 Replies

hiepnguyen
Level 1

Yes, this is a DNS issue. What you have to do is create an internal DNS server to serve your internal network to your websites located behind the firewall. Make sure you set your workstations with the internal DNS server first, then the external DNS. Hope this helps.

Thanks for your help! I take it I would have to do this regardless, since we are going to put the mail servers behind the pix. Otherwise, different domains would not be able to email each other if they both reside behind the firewall.

If you are using a PIX Firewall, just issue some alias commands, and you're done....

Would the alias commands be instead of adding an internal DNS? Also, could I use the "net" alias technique where as aliasing the entire subnet?

alias (inside) "InT_IP" "Ext_IP" 255.255.255.255

Set the server's DNS address to a server on the outside. Do an nslookup and look at what you see.

The PIX does the work for you

From a security point of view you should use the solution with 2 separate DNS servers. This would comply with the 'Defense In-Depth' approach. Using a single DNS forces you to reveal more information than you should.
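
The DNS rewrite that the alias command in this thread relies on, modelled as an added example (not posted by anyone in the thread and not Cisco's code): a reply from the outside DNS server has its A record changed from the external to the internal address before the inside client sees it. The function names, the sample addresses and the host-bit handling for a net alias are assumptions made for illustration.

```python
import ipaddress
import struct

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def doctor_address(addr, aliases):
    """Translate an outside address to its inside one; aliases = [(inside, outside, mask)]."""
    a = _ip(addr)
    for inside, outside, mask in aliases:
        m = _ip(mask)
        if a & m == _ip(outside) & m:
            # Assumption: a net alias keeps the host bits and swaps the network part.
            return str(ipaddress.IPv4Address((_ip(inside) & m) | (a & ~m & 0xFFFFFFFF)))
    return addr

def _skip_name(msg, off):
    """Return the offset just past a DNS name (plain labels or a compression pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def doctor_reply(msg, aliases):
    """Rewrite every IN A record in the answer section of a DNS reply."""
    out = bytearray(msg)
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            old = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
            out[off:off + 4] = ipaddress.IPv4Address(doctor_address(old, aliases)).packed
        off += rdlen
    return bytes(out)

def build_reply(name, addr):
    """Constructed sample: a one-answer reply such as an outside DNS server would send."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(addr).packed
    return header + qname + struct.pack("!HH", 1, 1) + rr
```

Only the rewritten reply reaches the inside client, which is why the nslookup suggested above shows the internal address even though the DNS server is outside.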