Internal hosts cannot browse to a web server on the Demilitarized Zone (DMZ) by name through a PIX Firewall when the Domain Name System (DNS) server is located on the outside.
If internal clients need to access servers off of the DMZ interface of the PIX, and their DNS server is located on the PIX outside interface, then the PIX must do Destination Network Address Translation (DNAT) to the packets from the inside interface to the DMZ.
Here are some possible solutions:
PIX Version 6.2 and Later
If the PIX runs version 6.2 or later, issue this command:
The configuration for DNATting remains same in 7.0 and there is no change in the configuration required.
Users are not able to access the server in DMZ and they get the error "page cannot be displayed"
he problem might be the authentication access level or it could be the NAT configuration for DMZ access issue with the particular user. If you configure the AAA authentication for the user, then check the user rights in the AAA configuration and ACS if you used.
Also verify the ACL permit command and DMZ NAT Configuration have the enough pool of IP address for the translation.
PIX command authorization and expansion of local authentication was introduced in version 6.2 and above. The following documents provides an example of how to set this up on a PIX.
Hey guys, I'm trying to configure multiple SNMP community strings on a Cisco ASA5506 running v9.8.2. We're working with another company to have the ASA monitored, but I don't see a way to add another SNMP community without having the existing one overwrit...
I am currently running interim release 9.6(4)42. I want to upgrade one last time before I cannot get contract support next November. Can anyone recommend a good major release that is stable. We use Firepower 220.127.116.11 with an FMC. We also run Anyconnect 4.7...
Hello, guys.Cannot find info if we can upgrade NAM from ASA ?Does someone know if it is possible ?AnyConnect itself upgrades successfully from ASA but AC and NAM versions should match.In addition to this NAM installation breaks up network connectivity so ...
Hello, I am curious to know , if a Cisco VPN AnyConnect is configured and for Posture of this VPN we use Cisco ISE , how Cisco ASA forwards the traffic to Cisco ISE when it does Posture. I have 2 Cisco ISE and I know that PSN is always Active Active ...