is this NAT config possible o a PIX515e?

Answered Question
Mar 19th, 2008

i have been asked if it's possible to have inside users ( who have a dns entry pointing them to our outside interface ( for our web site to be rerouted to our dmz which is with out going out of the PIX and back in b/c you cant ping from our inside int to our outside int.

i attached a simple diagram b/c it's hard to explain.

let me know if you need more info.

thanks alot - jerry.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
jerry.mcrae Wed, 03/19/2008 - 14:45

that worked but now i cant ping the internal ip - i can rdp into it though but my monitor software says it's down b/c of the ping.

so i added this alias (inside)

any ideas on the ping?

thanks a ton - jerry

abinjola Wed, 03/19/2008 - 12:26

Jerry add this :-

nat (inside) 1 0 0

global (dmz) 1 interface

static (dmz,inside)

see if this helps !

abinjola Wed, 03/19/2008 - 23:27

its not possible to access the server from its private ip address in case you have "DNAT" configured.i.e either you can access it via private ip address or public ip address


This Discussion