03-19-2008 11:07 AM - edited 03-11-2019 05:19 AM
I have been asked if it's possible to have inside users (172.16.1.1), who have a DNS entry pointing them to our outside interface (1.2.3.4) for our web site company.net, be rerouted to our DMZ, which is 10.10.5.0, without going out of the PIX and back in, because you can't ping from our inside interface to our outside interface.
I attached a simple diagram because it's hard to explain.
Let me know if you need more info.
Thanks a lot - jerry.
03-19-2008 12:01 PM
Here's a link that should help.
http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html
03-19-2008 02:45 PM
That worked, but now I can't ping the internal IP, 10.10.5.6. I can RDP into it, though, but my monitoring software says it's down because of the ping.
So I added this: alias (inside) 1.2.3.4 10.10.5.6 255.255.255.255
Any ideas on the ping?
Thanks a ton - jerry
03-19-2008 12:26 PM
Jerry, add this:
nat (inside) 1 0 0
global (dmz) 1 interface
static (dmz,inside) 1.2.3.4 10.10.5.0
See if this helps!
03-19-2008 02:46 PM
Haven't tried this one yet.
03-19-2008 11:27 PM
It's not possible to access the server from its private IP address in case you have "DNAT" configured, i.e. either you can access it via the private IP address or the public IP address.