11-03-2006 01:55 PM - edited 03-09-2019 04:46 PM
Occasionally we will need to create an external connection for testing whereby we bypass our firewall.
We have something very strange going on. When I put a workstation on our external switch and give it a fixed public IP, I can go to every other web site, but our own?
If anyone has any clues as to why this is please help. I can ping our web site and go home and get to it fine...just cannot go out on one of our external switches and then get our web page.
TIA, Gary
11-04-2006 01:51 AM
Trying to understand your situation..
You plugged a workstation (wks) with outside IP Address (same subnet with internet router and PIX outside interface IP) to your external switch. This wks can access any internet webserver, except your own webserver, but can ping it without problem. And from home, you can access it (your websvr) without any issue. Is this correct?
By right, if you mapped your internal websvr to a public IP (in firewall) and allow at least icmp & www services in ACL applied on your outside interface, it should be working fine. Logically, the wks, internet router FE facing PIX, PIX's outside interface and your WEBSERVER are sitting in the same segment.
Some background info - make sure your wks IP's netmask is correct, no ACL entry in your existing ACL on the outside interface denying any IP from the range of your public IPs, make sure the public IP used by the wks belongs to the range assigned to you by your ISP.
BTW, is there any restriction on the external switch?
HTH
AK
11-07-2006 12:34 PM
You plugged a workstation (wks) with outside IP Address (same subnet with internet router and PIX outside interface IP) to your external switch. This wks can access any internet webserver, except your own webserver, but can ping it without problem. And from home, you can access it (your websvr) without any issue. Is this correct?
YES! Exactly correct!
BTW, is there any restriction on the external switch?
NO
By right, if you mapped your internal websvr to a public IP (in firewall) and allow at least icmp & www services in ACL applied on your outside interface, it should be working fine.
YES, I agree, this is what I do not understand as why it is not working.
Logically, the wks, internet router FE facing PIX, PIX's outside interface and your WEBSERVER are sitting in the same segment.
I am sorry, I do not understand what you are asking here...or what is meant by FE?
TIA,
Gary