Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

DMZ access from Inside &vice versa

I've problems accessing Web servers in the DMZ from the inside interface using the Public WEB server's IP .

A Pix with 3 interfaces. A web server in the DMZ and 1 in the inside IF. All the Web servers have been statically natted with public IP and are correctly accessed from internet.

However I cannot access dmz's servers from the inside and viceversa


Community Member

Re: DMZ access from Inside &vice versa

You have 2 options to access the web servers from the inside network:

1) Use the web server's real IP address. You cannot use the external ip address for the web servers to access them from the inside.

2) Use the 'alias' command to modify the IP address when a packet from the inside, destined for the DMZ and using its external ip address.

I would opt for option 1 by using a seperate DNS server. This DNS server would only server internal users.

Cisco Employee

Re: DMZ access from Inside &vice versa

I agree with you that having two DNS would be the best solution, unfortunately our customer didn't mention it when the project was being planned.

He accepted to buy a new DNS , but for moment we have to find a solution.

I tried the alias solution but packets got blocked .

On the inside interface I've defined an access list which permit all traffic.

CreatePlease to create content