I have just put a web server into a DMZ zone behind a PIX 520. I have a bunch of users on the inside network and then a card for the outside network.
Our DNS is offsite, i.e. not behind our firewall, and we are currently on NT4. So the internal clients have WINS only for internal resolution.
When I ping the website which is being served in the DMZ from an internal client, it was giving me the correct lookup from the external DNS. Of course the client couldn't get to the website, as PIX 520 6.3 OS does not allow for a route going out and back in.
Anyway, overnight something has happened, as the resolution is now the internal NAT address in the firewall and the hosts can now see the website.
My question is this:
Does the PIX compensate for this somehow, or how do people get the lookup correct for internal clients looking at DMZ websites without affecting external DNS entries?