Possible to access own external IP's?

Unanswered Question
Mar 19th, 2007
User Badges:

When using a PIX 506 is there a way to allow the internal network to access the external IP range associated with the outside interface?

For example:

Web Server: 206.29.137.58

PIX e0: 206.29.137.57

PIX e1: 10.0.0.1

PC: 10.0.0.10


Is there a way to allow the PC to access the Web server using the external IP?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
astripat Tue, 03/20/2007 - 13:24
User Badges:

Hi,


Yes we can do that and the process used is referred to as "DNS Doctoring".


Here is how we can do it:


Create a static translation for the web server like this:


static(inside,outside) 206.29.137.58 dns


Here dns is a keyword.


Also, on the outside interface we should have an access-list which should allow access to this ip:


access-list 101 permit ip any host 206.29.137.58


access-group 101 in interface outside


I hope it helps.


Thanks


Ashu

jksnook Tue, 03/20/2007 - 13:28
User Badges:

Thank you for the reply.


Does this mean that I would only be able to use DNS names to access the resources assigned to the external IP's? Or will I be able to use the direct IP address instead of a name?


Thanks,

Jason



Actions

This Discussion