Cisco Support Community
New Member

Strange issue with FWSM

I have a customer that is using FWSMs. There are 4 interfaces (inside 100, outside 0, dmz 50, wireless 4).


So to give an example:


1) I connect to the wireless and get an address of 192.168.1.x.  My DNS server is on the dmz and I can resolve addresses and surf the internet.

2) I want to get to a server owned by the customer so I type

3) The DNS gives the external address and the attempt is made.

4)  I time out....


If I connect via an external source (like an iPhone using ATT network)  I connect with no problem... I get the same external address.


Thoughts to look at?  I've double checked everything and so far cannot find a good answer...

New Member


Can we see the access-lists?

Sounds like DNS doctoring is what you're looking for:

VIP Green


I am assuming that is the webserver IP?

And if you do an nslookup for you get that same public IP?

If that is the case, then that is the problem.  You would need to do either DNS doctoring or add another NAT statement.

DNS doctoring is done by just adding the keyword DNS to the end of the relevant NAT statement:

static (web_dmz,OUTSIDE) 20X.XXX.XX.76 172.16.XXX.76 netmask dns

The other option would be to translate the public IP which is ingress on the inside interface to the private IP which is egress on the DMZ interface.  Something like the following:

static (inside,web_dmz) 172.16.XXX.76 20X.XXX.XX.76 netmask

I suggest trying the DNS doctoring option first and then try the second option if it doesn't work.


Please remember to select a correct answer and rate helpful posts
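What DNS doctoring does to a reply passing through the firewall, as an added example (not code from the thread or from Cisco): a Python model that walks a DNS response and rewrites any A record holding the static's public address to the private one. The addresses 203.0.113.76 and 172.16.10.76 and the name www.example.com are constructed stand-ins for the masked values in the post, and all function names are hypothetical.

```python
import ipaddress
import struct

# Constructed stand-ins for the masked public/private pair in the static statement.
PUBLIC = ipaddress.IPv4Address("203.0.113.76")
PRIVATE = ipaddress.IPv4Address("172.16.10.76")

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # 2-byte pointer terminates the name
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def _a_rdata_offsets(msg):
    """Yield the offset of each IN A record's 4-byte address in a DNS message."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12                                        # fixed header length
    for _ in range(qd):
        off = _skip_name(msg, off) + 4              # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):     # type A, class IN
            yield off
        off += rdlen

def a_records(msg):
    """Return the addresses carried in the message's A records."""
    return [ipaddress.IPv4Address(bytes(msg[o:o + 4])) for o in _a_rdata_offsets(msg)]

def doctor(msg, mapping):
    """Return msg with each A record found in mapping rewritten to its real address."""
    out = bytearray(msg)
    for o in _a_rdata_offsets(msg):
        real = mapping.get(ipaddress.IPv4Address(bytes(msg[o:o + 4])))
        if real is not None:
            out[o:o + 4] = real.packed              # same length, so offsets stay valid
    return bytes(out)

def sample_response(addr):
    """Constructed reply: one question and one A answer for www.example.com."""
    qname = b"\x03www\x07example\x03com\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    body = qname + struct.pack("!2H", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + body + addr.packed
```

A client behind the firewall that receives the doctored reply connects straight to the private address, so the traffic never has to hairpin through the public one. The model assumes a well-formed message and raises on truncated input.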

