DNS rewrite and overloaded NAT

Unanswered Question
Oct 23rd, 2009

We have a PIX515. On the inside is a mail server and clients. We have a dynamic NAT to the outside address overloaded by a static on port 25 for inbound mail. On the DMZ is a Web server that has a dynamic NAT to the same outside address plus overloaded static on port 443.

Access from inside to the DMZ is NAT exempt.

I am trying to set DNS rewrite (I assume on the inside/outside dynamic NAT) so that accesses to the DMZ web server from the inside can be made using the external address. But this appears not to work.

Is this because of the multiple overloads, or is there an issue to do with the NAT order, or is it the fact that inside/dmz traffic is not NATed?

Should I use outbound translates for inside/dmz traffic?

Tanveer Deewan Sat, 10/24/2009 - 16:32

To access your webserver in the DMZ from Inside using the server's public IP, configure:

static (dmz,inside) tcp y.y.y.y 443 x.x.x.x 443

where y.y.y.y is the public IP of the webserver and x.x.x.x is its private IP. This is an alternate to DNS doctoring for your case.

