About mhcraig

mhcraig · 07-23-2010

Is it possible to allow hosts behind the inside interface to make (web) requests to IPs that are bound to the outside *without* using DNS to point to the inside IP for the web server?Example:Public FQDN www.domain.com --> 5.5.5.5This site is hosted/b...

mhcraig · 07-21-2010

We have a PIX at a remote data center and - in the event of an upstream routing issue or some issue beyond our control - we'd like to be able to VPN to an interface that is completely off of the "main" network. The problem is the default route is goi...

mhcraig · 05-14-2010

This is a separate question that is a follow up to one that was answered:Help with: Deny TCP (no connection)https://supportforums.cisco.com/thread/2016571Unfortunately that solution - by PATing all source addresses coming in from the outside to ensur...

mhcraig · 05-10-2010

We are going to be renumbering our network and due to how it was set up previously we are dropping in an additional PIX to run side-by-side the existing one while we prep the new configuration. We’ll migrate/change the IPs on the outside for various ...

mhcraig · 04-19-2010

I'm certain I'm doing something wrong in my (simple) test config. I know I can do this as I have a PIX 515e doing this in another office. I'm trying to establish a single IP on the outside that inside hosts can use to access the internet - PAT. Then ...

mhcraig · 07-23-2010

I implemented your solution and it worked perfectly as far as I can tell with my initial tests.Many thanks!

mhcraig · 07-22-2010

One thing I left out to keep the post less verbose was that we have 2 ISPs and are running BGP with our routers in front of the PIX pair. Our advertised network is the "primary" outside interface on the pix. We have non-advertised - from our perspect...

mhcraig · 05-18-2010

Just to answer your *specific* question - YES your assumption is correct.In addition though, I would like hosts behind eth3 to access the internet using a single IP (can be different than the one used for the PATing.Any ideas why I'm seeing this sysl...

mhcraig · 05-17-2010

Thanks for the reply but I'm still not having any luck. I've tried altering the nonat ACL and I can't seem to have the both situations work simulataneously:Situation:Web server is behind eth-poy: 10.100.2.10Statically mapped to the outside eth-isp: 1...

mhcraig · 05-10-2010

You are right That works well. I'm going to dig and see if it has any side-effects in our setup but this should be a great solution even if it's used in the interim.Thanks for the help!-H

Member Since	‎09-19-2005 03:27 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	58

User Statistics

User Activity

How to allow inside hosts http access an IP bound to the outside?

Failsafe VPN interface - routing question

PAT / NAT and Inbound/Outbound - Can I do this?

Help with: Deny TCP (no connection)

Static and Dynamic Rules Not Working Together

Re: How to allow inside hosts http access an IP bound to the out

Re: Failsafe VPN interface - routing question

Re: PAT / NAT and Inbound/Outbound - Can I do this?

Re: PAT / NAT and Inbound/Outbound - Can I do this?

Re: Help with: Deny TCP (no connection)