
New Member

Access a valid IP in DMZ from Inside

My problem is to access a valid IP address (e-mail server), in DMZ interface, from inside.

invalid IP: 10.100.20.101 with STATIC(DMZ,Outside) 200.178.147.43 10.100.20.101 netmask 255.255.255.255

This host is accessible from internet to IP 200.178.147.43, but from inside we have to access to IP address 10.100.20.101 (with NAT / GLOBAL interface).

How can we access this host from inside to DMZ using IP 200.178.147.43?

Thank You.

3 REPLIES
New Member

Re: Access a valid IP in DMZ from Inside

I'm having a bit of a stab here but I'd say that it's not possible. The PIX will see this as a land attack and not pass the traffic (sho logg will show the exact fault). I would think that you are probably going to be better off if you have your internal/DMZ DNS point to the DMZ address. This makes better logical sense IMO than trying to go out the firewall's external interface to go back to the DMZ.

Tony

hhm
New Member

Re: Access a valid IP in DMZ from Inside

If it's a question about accessing the mail server with its external domain name, try reading the document below

http://www.cisco.com/warp/customer/110/alias.htm

It gives a good description of using the alias command for destination NAT.

VIP Purple

Re: Access a valid IP in DMZ from Inside

Try:

alias (inside) 10.100.20.101 200.178.147.43

sysopt noproxyarp inside

This will cause a DNS fixup to occur, so as long as you access the email server by DNS name, you should be fine.
