Solved: is this NAT config possible o a PIX515e?

jerry.mcrae · ‎03-19-2008

i have been asked if it's possible to have inside users (172.16.1.1) who have a dns entry pointing them to our outside interface (1.2.3.4) for our web site company.net to be rerouted to our dmz which is 10.10.5.0 with out going out of the PIX and back in b/c you cant ping from our inside int to our outside int.

i attached a simple diagram b/c it's hard to explain.

let me know if you need more info.

thanks alot - jerry.

Collin Clark · ‎03-19-2008

Here's a link that should help.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html

View solution in original post

Collin Clark · ‎03-19-2008

Here's a link that should help.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html

jerry.mcrae · ‎03-19-2008

that worked but now i cant ping the internal ip - 10.10.5.6. i can rdp into it though but my monitor software says it's down b/c of the ping.

so i added this alias (inside) 1.2.3.4 10.10.5.6 255.255.255.255

any ideas on the ping?

thanks a ton - jerry

abinjola · ‎03-19-2008

Jerry add this :-

nat (inside) 1 0 0

global (dmz) 1 interface

static (dmz,inside) 1.2.3.4 10.10.5.0

see if this helps !

jerry.mcrae · ‎03-19-2008

havent tried this one yet.

abinjola · ‎03-19-2008

its not possible to access the server from its private ip address in case you have "DNAT" configured.i.e either you can access it via private ip address or public ip address