04-27-2002 08:11 AM - edited 03-08-2019 10:27 PM
My problem is to access a valid IP address (e-mail server) , in DMZ interface from inside.
invalid IP: 10.100.20.101 with STATIC(DMZ,Outside) 200.178.147.43 10.100.20.101 netmask 255.255.255.255
This host is accessible from internet to IP 200.178.147.43, but from inside we have to access to IP address 10.100.20.101 (with NAT / GLOBAL interface).
How can we access this host from inside to DMZ using IP 200.178.147.43 ?
Thank You.
04-28-2002 10:05 PM
I'm having a bit of a stab here but I'd say that it's not possible . The PIX will see this a land attack and not pass the traffic( sho logg will show the exact fault). I would think that you are probably going to be better off if you have a your internal/DMZ DNS point to the DMZ address, This makes better logical sense IMO then trying to go out the firewalls external interface to go back the DMZ.
Tony
04-29-2002 12:05 AM
If it's a question about accessing the mail server with it's external domain name try reading the document below
http://www.cisco.com/warp/customer/110/alias.htm
It gives a good desription of using the alias command for destination nat.
04-29-2002 02:32 AM
Try:
alias (inside) 10.100.20.101 200.178.147.43
sysopt noproxyarp inside
This will cause a DNS fixup to occurr, so as long as you access the email server by DNS name, you should be fine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: