I have a PIX 515E with 3 interfaces running v6.2(2). On the DMZ interface, I'm running a webserver with a private IP. Using the static command, I have a public IP mapped to the web server for port 80 and port 22 on the external interface. To allow internal hosts access to this server, I set up an alias that redirects all resolution of the public IP to the web server's private IP. This works fine for web browsing, but this web server also serves a second function. I also use it as an alternative VPN by using SSH port-forwarding. When I connect to the server via SSH (from outside of the network) prior to the addition of the alias command, I had no problems with port-forwarding. Once the alias command was set, it stopped working.
From the internal network, I'm also unable to SSH to the web server's private IP any more (I have to access it through its public IP), even though I was able to prior to the alias command being in place.
I thought the alias command was only supposed to affect requests directed to the public IP of the server. Can anyone tell me why I'm running into this issue, and what would be some ways to get around the problem? Thanks in advance!
The alias cmd would redirect all requests to your web server internal IP to the public IP. The DNS replies, on the other hand, would be doctored by the PIX, so that the DNS reply to the inside clients would be changed to the web server internal IP. Is your domain name hosted by your ISP or do you have a DNS server? I was thinking maybe using names instead of IP addresses would resolve your problem.
Thanks for the suggestion Matthew. I solved the problem by creating a virtual interface on the server, and directing the alias command to that. This allowed the normal interface IP to be accessed normally.
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: