Let me try to explain my problem in a logical manner. I have a PIX-515R, I added a single 10/100 interface as my 'DMZ1' port. My 'inside' interface is running on 192.168.0.0/24, my 'DMZ1' interface is running on 192.168.1.0/24. I have configured my Active Directory DNS servers to also be real DNS servers; they are running on the 'inside' network. I wanted my users to be able to access the web server by its outside name, so I moved it to the DMZ interface. This works by using the alias command along with the 'sysopt nodnsalias outbound' command. However, from 'inside' I am unable to directly access anything on the 'DMZ1' network. For example, I am unable to access my web server by its 192.168.1.X address from 'inside.' I can't even ping it. I do get full access by using its public IP address.
Additionally, my web server on 'DMZ1' can't access anything statically mapped to 'inside' by public addresses or 'inside' addresses, even though they are allowed by the access list. So DNS resolution from my web server fails because it can't access my DNS servers.
Your problem sounds like a NAT problem. Because you are using private addresses you have "nat (inside) 1 192.168.0.0 255.255.255.0" and you would map to a global public IP. What you should do when talking from private to private addresses is to use
"nat (inside) 0 access-list NONAT"
The access-list will be as follows:
"access-list NONAT permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0"
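Putting the answer above into a fuller PIX 6.x configuration, as an added example that is not part of the original thread: it applies the NAT exemption (nat 0) on both the inside and the DMZ1 interface, so that the inside-to-DMZ1 problem and the web-server-to-DNS problem from the question are both covered, and adds the inbound access-list the lower-security DMZ1 interface needs to reach the inside DNS servers. The interface names, security levels, the web server address 192.168.1.10, the DNS server addresses 192.168.0.5 and 192.168.0.6, and the access-list names are assumptions for illustration; the original poster's existing alias, static and outside NAT lines are left in place and not shown here.

```text
! Assumed interface definitions (names and security levels are assumptions)
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50

! Existing dynamic NAT for Internet access stays as it is
nat (inside) 1 192.168.0.0 255.255.255.0 0 0

! Inside -> DMZ1: exempt private-to-private traffic from NAT (from the answer)
access-list NONAT permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! DMZ1 -> inside: the same exemption in the reverse direction, so the web server
! can reach the inside hosts by their real 192.168.0.x addresses
access-list NONAT_DMZ permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (dmz1) 0 access-list NONAT_DMZ

! DMZ1 is lower security than inside, so traffic toward inside must also be
! permitted explicitly. Allow only DNS from the web server to the two DNS servers
! (addresses are assumptions); everything else from DMZ1 to inside stays denied.
access-list DMZ_IN permit udp host 192.168.1.10 host 192.168.0.5 eq domain
access-list DMZ_IN permit udp host 192.168.1.10 host 192.168.0.6 eq domain
access-list DMZ_IN deny ip any 192.168.0.0 255.255.255.0
access-list DMZ_IN permit ip any any
access-group DMZ_IN in interface dmz1

! Existing translations built under the old rules must be flushed before the
! nat 0 exemption takes effect for hosts that already had an xlate
clear xlate
```

After applying it, "show nat" should list both nat 0 entries and "show xlate" should show no translation for an inside host talking to 192.168.1.10; if a translation still appears, the xlate was not cleared or the NONAT access-list does not match the source and destination subnets in the right order. The deny line before the final permit in DMZ_IN keeps the web server from reaching anything else on inside, which is the least-privilege posture a DMZ host should have.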