Hairpinning on a PIX 506?

Unanswered Question
May 1st, 2007

Is there a "hairpinning" type solution in place for the 506 using 6.3(5)? DNS doctoring and alias does not fit our configuration needs.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Tue, 05/01/2007 - 12:40

Hairpinning is not an option as traffic needs to enter and exit same interface. You need pix/asa 7. What are your needs?

jksnook Tue, 05/01/2007 - 12:49

Thanks for the reply. We have a java web tool that is hard coded within java to run on the external IP address. Dont ask me why the developers of the tool decided on this method. When the java app loads it uses a classloader of: http://x.x.x.x/data where X is the outside IP.

acomiskey Tue, 05/01/2007 - 12:55

I was going to recommend creating a dmz and doing destination NAT.

static (dmz,inside)

but you have a 506 :(

Jon Marshall Tue, 05/01/2007 - 22:35

Hi Adam

Just for reference.

We have a pix 506E running version 6.3(5) that does destination NAT using similiar static statements to the one above.

The 506E can do it as far as i am aware.


acomiskey Wed, 05/02/2007 - 04:51

Hey Jon,

I figured he didn't have a dmz with a 506, that was my point.

Jon Marshall Wed, 05/02/2007 - 04:57

Hi Adam

Good point !! - i missed that.

Of course you could always do 802.1q trunking but that's another story :-)




This Discussion