Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
2
Replies

Can ping web server but no http access

hornbeck
Level 1
Level 1

‎11-03-2006 01:55 PM - edited ‎03-09-2019 04:46 PM

Occasionally we will need to create an external connection for testing whereby we bypass our firewall.

We have something very strange going on. When I put a workstation on our external switch and give it a fixed public ip, I can go to every over web site, but our own?

If anyone has any clues as to why this is please help. I can ping our web site and go home and get to it fine...just cannot go out on one our external switches and then get our web page.

TIA, Gary

Labels:
0 Helpful
2 Replies 2

a.kiprawih
Level 7
Level 7

‎11-04-2006 01:51 AM

Trying to understand your situation..

You plugged a workstation (wks) with outside IP Address (same subnet with internet router and PIX outside interface IP) to your external switch. This wks can access any internet webserver, except your own webserver, but can ping it without problem. And from home, you can access it (your websvr) without any issue. Is this correct?

By right, if you mapped your internal websvr to a public IP (in firewall) and allow at least icmp & www services in ACL applied on your outside interface, it should be working fine. Logically, the wks, internet router FE facing PIX, PIX's outside interface and your WEBSERVER are sitting in the same segment.

Some background info - make sure your wks IP's netmask is correct, no ACL entry in your existing ACL on the outside interface denying any IP from the range of your public IPs, make sure the public IP used by the wks belongs to the range assigned to you by your ISP.

BTW, is there any restriction on the external switch?

HTH

AK

0 Helpful

hornbeck
Level 1
Level 1
In response to a.kiprawih

‎11-07-2006 12:34 PM

You plugged a workstation (wks) with outside IP Address (same subnet with internet router and PIX outside interface IP) to your external switch. This wks can access any internet webserver, except your own webserver, but can ping it without problem. And from home, you can access it (your websvr) without any issue. Is this correct?

YES! Exactly correct!

BTW, is there any restriction on the external switch? NO

By right, if you mapped your internal websvr to a public IP (in firewall) and allow at least icmp & www services in ACL applied on your outside interface, it should be working fine. YES, I agree, this is what I do not understand as why it is not working.

Logically, the wks, internet router FE facing PIX, PIX's outside interface and your WEBSERVER are sitting in the same segment.

I am sorry, I do not understand what you are asking here...or what is meant by FE?

TIA,

Gary

0 Helpful
Customers Also Viewed These Support Documents