Is it possible to allow hosts behind the inside interface to make (web) requests to IPs that are bound to the outside *without* using DNS to point to the inside IP for the web server?
Public FQDN www.domain.com --> 126.96.36.199
This site is hosted/bound on 10.10.10.10 behind the PIX eth-inside interface
Current Static rule to allow internet users to access the web server that is behind eth-inside. This works fine for internet users obviously:
static (eth-inside,eth-outside) 188.8.131.52 10.10.10.10 netmask 255.255.255.255
...but I need to allow *inside* hosts to make HTTP requests to "www.domain.com" (aka 184.108.40.206 publicly) and pull up the web site that is really bound to 10.10.10.10.
Note: Unfortunately with our situation it isn't feasible to simply use internal DNS or something like a hosts file to point to the local IP for requests made to that hostname. There are thousands of FQDNs using many different domains and management wouldn't be possible.
I was hoping I could tell the PIX if a packet arrives on eth-inside and is bound for an IP bound to eth-outside then send it right back in to the local IP (in this case 10.10.10.10).
Is this possible?
You have couple of solutions based on your setup. From your description, it
seems like you are using internal DNS server. So, you can do the following:
static (eth-inside,eth-inside) 220.127.116.11 10.10.10.10 netmask 255.255.255.255
global (eth-inside) 1 interface
nat (eth-inside) 1 0.0.0.0 0.0.0.0
same-security-traffic permit intra-interface
This will U-Turn the traffic and make sure that all your internal hosts can
access the web-server using its public IP address.
Hope this helps.