
Accessing NAT addresses from inside pix 501

aaron_sequoia
Level 1

I have a pix 501. Currently I have a server inside the firewall that has a static NAT address and access-list defined for port 80. Users outside the network are able to access this ip fine.

However when other users inside the firewall attempt to access the web server using the PUBLIC NAT address, the server does not respond, and the ACL hit count does not increase.

Does the pix not allow traffic from inside to access outside addresses it has in its static NAT table? Or am I simply missing an ACL?

Current IP Addresses:

ip address outside 10.0.0.1 255.255.255.0

ip address inside 192.168.1.254 255.255.255.0

static (inside,outside) 10.0.0.2 192.168.1.1 netmask 255.255.255.255 0 )

access-list PERMIT_IN line 6 permit tcp any host 10.0.0.2 eq 80 (hitcnt=0)

Other client machines are using the following PAT:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0


Patrick Iseli
Level 7

The PIX does not allow connections from the inside network to the outside public IP!

You should use the internal private IP to access the Web Server.

If you use an internal DNS server, then you could simply configure your DNS server to answer for the internal network with the internal IP.

If your DNS server is outside then you could work with DNS rewriting:

static (inside,outside) WebServerPublicIP WebServerPrivate dns

sincerely

Patrick
