Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Accessing inside webserver with external ip-address

Hello,

I need help to the following problem:

I have a Windows Small Business Server running Exchange with OWA. Users need to access the OWA from the Internet by the following DNS name webmail.company.com wich points to an offical ip-address defined in their 501 pix and nat'ed to the SBS server on the inside inteface.

Everything works perfectly from the Internet/outside interface, but when my users try to connect to webmail.company.com at from the inside interface they are trying to reach the offical ip-address defined in the pix.

I have done this with Cisco pix's with more interfaces, were I natted the webserver from the DMZ interface to the Inside interface with an offical ip-address and it worked.

Here it is a little bit different since I only have two intefaces and the webserver resides on the same interface.

Please, anyone, any suggestions?

Thanks!

7 REPLIES
Green

Re: Accessing inside webserver with external ip-address

I assume internal users are using an external dns server? If so, you can use dns doctoring in the pix with 2 interfaces.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

New Member

Re: Accessing inside webserver with external ip-address

Hello,

I have tried dns doctoring before, but couldn't get it to work.

After you mentioned it again, I tried it at another customer with same configuration except that webmail.company.com is an A-record (not cname) and the entire offical ip-address is nated to the same server (not portforwarding were only 80 and 443 are nated).

Do you guys know of any issue using dns doctoring with cname-records or using portforwarding in pix?

Green

Re: Accessing inside webserver with external ip-address

If you look through the document it does mention that port forwarding is not supported using this method :(

Re: Accessing inside webserver with external ip-address

Hi,

You have yourself a problem. If I understand you correctly, you need trafic leaving from the same interface it came from. This feature was introduce in version 7 if I remember correctly and the 501 does not support that version.

New Member

Re: Accessing inside webserver with external ip-address

Another easy solution is to setup a 'fake' internal DNS zone file for company.com. Since the SBS server is the internal DNS server for the users you can configure a company.com zone file on it and have that zone file have the internal IP addresses for the users. External Internet resolution points to a different DNS server and thus everyone else gets External IPs which work for them.

A Split DNS server config gets around the problems the PIXes have with 'same interface' traffic. It does require more configuration and maintenance though.

New Member

Re: Accessing inside webserver with external ip-address

We are facing the same problem. We are hosting the webserver on internal LAN and using the PAT. Everything works fine from outside but users from inside are not able to goto the website using the public domain name. I tried using the DNS Doctorine did not work and later found out that DNS Doctorine works only for NAT. I also tried using the alias http://www.cisco.com/warp/public/110/alias.html

did not work either. We do not host internal DNS so I can not use fake DNs zone. the only solution I have implemented is to update the hosts file on indvidual desktop.

We have so many guest visitors who try to use their laptops and not able to goto our website, shame...!!!.

There should be a better solution for this. I am sure so many poeple must be facing the same problem.

Green

Re: Accessing inside webserver with external ip-address

It is much easier with 3 interfaces or with asa/pix version 7 as you can hairpin. Their is no great solution for pix 6.

148
Views
5
Helpful
7
Replies