×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

The VPN Client on the inside is unable to access the web server on the inside by name, but it can access it by a real IP address

Document

Wed, 07/22/2009 - 19:47
Jun 22nd, 2009
User Badges:
  • Gold, 750 points or more

Core issue

The VPN Client's Domain Name System (DNS) server is also on the inside, and it is returns the global (translated) IP address of the web server.


Resolution

If the VPN Client, web server and DNS server are all located off the same interface on the PIX Firewall, then the PIX cannot doctor the DNS replies with the alias command because the replies do not pass through the PIX. The only solution is for the internal DNS server to respond to requests for the web server's name with the real IP address.

For more information, refer to Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.

Loading.

Actions

This Document

Related Content