Possible to access own external IP's?

jksnook · ‎03-19-2007

When using a PIX 506 is there a way to allow the internal network to access the external IP range associated with the outside interface?

For example:

Web Server: 206.29.137.58

PIX e0: 206.29.137.57

PIX e1: 10.0.0.1

PC: 10.0.0.10

Is there a way to allow the PC to access the Web server using the external IP?

astripat · ‎03-20-2007

Hi,

Yes we can do that and the process used is referred to as "DNS Doctoring".

Here is how we can do it:

Create a static translation for the web server like this:

static(inside,outside) 206.29.137.58 dns

Here dns is a keyword.

Also, on the outside interface we should have an access-list which should allow access to this ip:

access-list 101 permit ip any host 206.29.137.58

access-group 101 in interface outside

I hope it helps.

Thanks

Ashu

jksnook · ‎03-20-2007

Thank you for the reply.

Does this mean that I would only be able to use DNS names to access the resources assigned to the external IP's? Or will I be able to use the direct IP address instead of a name?

Thanks,

Jason

acomiskey · ‎03-20-2007

Not sure you would want to allow ip from any to your webserver as previously stated but try this document it may help you...

http://cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml