We are using a PIX515E (IOS 6.1(3)) with a "dmz". The DMZ has a single web server which is hosting multiple web sites. The web server uses a single private IP address, and each web site has a different public IP address. We have configured the PIX with the following for each web site :-
Therefore each website "public" IP maps to the corresponding web server "private" IP / port combination (eg, 192.168.1.1 port 8082) on the DMZ. An access list has been configured to allow access from the "outside". ALL web sites are accessable from the Internet.
However, when we try to access the websites (on the DMZ) from "inside" hosts, DNS resolves to the correct "public" IP for each website, but the website cannot be opened. All other Internet sites can be accessed.
It seems like the packet entering the "inside" interface is NAT'd to the correct "public" IP address, but then the source & destination address are on the same "public" network. Because the packet does not enter the "outside" interface, then the static mappings to the DMZ based webserver do not occur.
We cannot use the "alias" command, as this does not work at the port level - only at the IP address level.
Does anyone know how to allow access to these multiple web sites on the DMZ from "inside" hosts ??
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :