Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Is it possible to allow hosts behind the inside interface to make (web) requests to IPs that are bound to the outside *without* using DNS to point to the inside IP for the web server?Example:Public FQDN www.domain.com --> 5.5.5.5This site is hosted/b...
We have a PIX at a remote data center and - in the event of an upstream routing issue or some issue beyond our control - we'd like to be able to VPN to an interface that is completely off of the "main" network. The problem is the default route is goi...
This is a separate question that is a follow up to one that was answered:Help with: Deny TCP (no connection)https://supportforums.cisco.com/thread/2016571Unfortunately that solution - by PATing all source addresses coming in from the outside to ensur...
We are going to be renumbering our network and due to how it was set up previously we are dropping in an additional PIX to run side-by-side the existing one while we prep the new configuration. We’ll migrate/change the IPs on the outside for various ...
I'm certain I'm doing something wrong in my (simple) test config. I know I can do this as I have a PIX 515e doing this in another office. I'm trying to establish a single IP on the outside that inside hosts can use to access the internet - PAT. Then ...
One thing I left out to keep the post less verbose was that we have 2 ISPs and are running BGP with our routers in front of the PIX pair. Our advertised network is the "primary" outside interface on the pix. We have non-advertised - from our perspect...
Just to answer your *specific* question - YES your assumption is correct.In addition though, I would like hosts behind eth3 to access the internet using a single IP (can be different than the one used for the PATing.Any ideas why I'm seeing this sysl...
Thanks for the reply but I'm still not having any luck. I've tried altering the nonat ACL and I can't seem to have the both situations work simulataneously:Situation:Web server is behind eth-poy: 10.100.2.10Statically mapped to the outside eth-isp: 1...
You are right That works well. I'm going to dig and see if it has any side-effects in our setup but this should be a great solution even if it's used in the interim.Thanks for the help!-H
