03-04-2004 07:47 AM - edited 03-09-2019 06:38 AM
I have a PIX 515E configured with a DMZ. I have my web server in the DMZ and all is working well. Well, actually too well. Outside users can access the web page on the web server via the web site Hostname.tac.org (Example). Also, outside users can access the web site via the Outside IP Address. However, when you ping or tracert the Outside IP Address of the web site/web server it TIMES OUT.
I did not think the outside would be able to access the Web Site with the Outside IP Address, as it has been changed to a 10.10.10.X address and within the DMZ. What am I missing? I have verified all of my configurations on the PIX and all are correct. Ron
03-04-2004 08:26 AM
you are probably blocking icmp, which is required for ping and traceroute to work.
the web site needs to be accessible by ip, that is how things work
03-04-2004 09:22 AM
What Mostiguy said....
You can use hostheaders on the webserver to force them to hit it by fqdn if you don't want them to be able to do it by ip address.
03-04-2004 10:08 AM
Thanks, I put the Host Header, which took care of the problem. Ron
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: