03-19-2007 08:06 PM - edited 03-11-2019 02:48 AM
When using a PIX 506 is there a way to allow the internal network to access the external IP range associated with the outside interface?
For example:
Web Server: 206.29.137.58
PIX e0: 206.29.137.57
PIX e1: 10.0.0.1
PC: 10.0.0.10
Is there a way to allow the PC to access the Web server using the external IP?
03-20-2007 01:24 PM
Hi,
Yes we can do that and the process used is referred to as "DNS Doctoring".
Here is how we can do it:
Create a static translation for the web server like this:
static(inside,outside) 206.29.137.58
Here dns is a keyword.
Also, on the outside interface we should have an access-list which should allow access to this ip:
access-list 101 permit ip any host 206.29.137.58
access-group 101 in interface outside
I hope it helps.
Thanks
Ashu
03-20-2007 01:28 PM
Thank you for the reply.
Does this mean that I would only be able to use DNS names to access the resources assigned to the external IP's? Or will I be able to use the direct IP address instead of a name?
Thanks,
Jason
03-20-2007 01:57 PM
Not sure you would want to allow ip from any to your webserver as previously stated but try this document it may help you...
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide