Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix-501: How do I make an http request back to itself

Can someone help me figure out how to correctly setup the PIX-501 firewall to allow server at address 111.222.333.100 to make an http request back to itself?

I am unable to get server to perform an http request back to itself when called from external client. For instance, I have new version of Atlassian Jira 4.0 installed, but the new system's dashboard contains gadgets that require JIRA will make http requests back on itself in order to retrieve all the gadget specs for that dashboard from itself.

This works fine if I am on the server and use http://localhost:8780 or http://10.0.0.1:8780.

But I am unable to make any http request from server back unto itself when using http://111.222.333.100:8780 -- see settings below (note: in example ethernet address is 111.222.333.200).

The access rules seem to be fine as I am able to reach URL from external client, but the gadgets do not build.

I have the following PIX 501 Firewall configuration:

Hosts/Networks

Outside Interface:

=================

....-....outside:any

.......|

.......-....111.222.333.0

..........|

..........-....111.222.333.100

..........|

..........-....outside 111.222.333.200

.......|

.......-....123.245.789.4

.......|

.......-....123.245.123.21

Inside interface:

================

....-....inside:any

.......|

.......-....10.0.0.0

..........|

..........-....10.0.0.1

..........|

..........-....inside 10.0.0.254

Translation Rules

=================

============================================================

| Original || Translated |

| -----------------------------------------------------------|

| Interface | Address || Interface | Address |

| -----------------------------------------------------------|

| outside | 111.222.333.100 || inside | 10.0.0.1 |

| -----------------------------------------------------------|

| inside | 10.0.0.1 || outside | 111.222.333.100 |

============================================================

2 REPLIES
New Member

Re: Pix-501: How do I make an http request back to itself

A quick solution is to use a hostname. Make an entry in the local server HOSTS file with the local IP and the Hostname. Configure the server to reference itself via the hostname. Problem solved.

If the device must reference itself via the NATed IP number, then thats a bit of a problem. I've never solved it on a 2 interface PIX 501.

New Member

Re: Pix-501: How do I make an http request back to itself

Thanks for the suggestion, but I think I need to be able to reference via NATed IP number.

I am think at this point that I may need to remove the firewall, temporarily, to determine if that is really the issue. I have not hit this issue with other server/firewall setups in the past.

102
Views
0
Helpful
2
Replies