Possible to access own external IP's?

Unanswered Question
Mar 19th, 2007
User Badges:

When using a PIX 506 is there a way to allow the internal network to access the external IP range associated with the outside interface?

For example:

Web Server:

PIX e0:

PIX e1:


Is there a way to allow the PC to access the Web server using the external IP?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
astripat Tue, 03/20/2007 - 13:24
User Badges:


Yes we can do that and the process used is referred to as "DNS Doctoring".

Here is how we can do it:

Create a static translation for the web server like this:

static(inside,outside) dns

Here dns is a keyword.

Also, on the outside interface we should have an access-list which should allow access to this ip:

access-list 101 permit ip any host

access-group 101 in interface outside

I hope it helps.



jksnook Tue, 03/20/2007 - 13:28
User Badges:

Thank you for the reply.

Does this mean that I would only be able to use DNS names to access the resources assigned to the external IP's? Or will I be able to use the direct IP address instead of a name?




This Discussion