
Accessing web server from internal LAN using public IP address

Hi, I have seen similar topics but not a clear answer about this issue. I have a PIX 515E with two interfaces and an internal web server (IP 192.168.0.5), and I want internal users to access the server by its public IP address, i.e. 99.99.99.9, not using DNS. I tried the alias command "alias (inside) 99.99.99.9 192.168.0.5" but it doesn't work for HTTP. I can access the server from the LAN using the public address for SMTP, POP3 and FTP with or without the alias command, but not the HTTP service. Any idea?

Accepted Solutions

Re: Accessing web server from internal LAN using public IP address

just several quick comments.

one function of the command "alias" is to force the pix to manipulate the dns response. however, you mentioned you were not using dns.

the command "alias" will also force the pix to send the traffic to 192.168.0.5 when receiving a packet from the inside and destined for 99.99.99.9. however, since both the host and the server are located in the same segment, the pix has to re-route the packet back to the inside interface, and this operation is not supported with pix v6.x.

further, you mentioned the inside host can access smtp, pop3, and ftp by using 99.99.99.9. this is interesting as the host from 192.168.0.0 would not have direct access to the host from 99.99.99.x without a router.
