Cisco Support Community
New Member

DNS on inside

I have three LANs: inside, outside (where the Internet router is) and DMZ.

My customer has moved his web server from inside to the DMZ with address

This web server is also his mail server and Lotus server.

With appropriate policies on the PIX 515, everything works properly for outside and inside users.

There is only one problem: an inside user can see the web server as a machine when he browses the network in Windows Network Neighborhood.

There isn't NAT on either interface, and with a specific access-list he can ping the host from the inside network

What can it be?




Re: DNS on inside

If his web server also runs other services, and can be seen in Network Neighborhood, it's possible that someone opened up way too many ports from the DMZ into the internal network. Can you post the PIX config?

New Member

Re: DNS on inside

Here it is

wr t

Building configuration...

: Saved


PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


access-list acl_out permit tcp any host eq www

access-list acl_out permit tcp any host eq smtp

access-list acl_out permit tcp any host eq lotusnotes

access-list acl-out permit icmp any any

pager lines 24

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

mtu outside 1500

mtu inside 1500

mtu dmz 1500

ip address outside

ip address inside

ip address dmz

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

nat (inside) 0 0 0

nat (inside) 0 0 0

nat (dmz) 0 0 0

static (dmz,outside) netmask 0 0

access-group acl_out in interface outside

route outside 1

route inside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS protocol tacacs

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet inside

telnet timeout 5

ssh timeout 5

terminal width 80


: end
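
The question raised in the reply (which traffic is open between interfaces) can be checked mechanically against a configuration like the one posted. The following Python audit is an added example, not part of the thread and not a Cisco tool. It assumes PIX 6.x syntax as shown in the post, considers only `access-group` bindings (legacy `outbound`/`apply` lists are ignored), and uses constructed placeholder addresses in its sample.

```python
# Constructed sample in PIX 6.x syntax; addresses are documentation placeholders.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl-out permit icmp any any
nat (inside) 0 0 0
nat (dmz) 0 0 0
access-group acl_out in interface outside
snmp-server community public
telnet 10.0.0.0 255.255.255.0 inside
"""

def audit(config):
    """Return a list of review findings for a PIX 6.x style configuration."""
    levels, defined, bound, nat0, findings = {}, set(), {}, set(), []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 2:
            continue
        if t[0] == "nameif" and len(t) == 4:
            levels[t[2]] = int(t[3].replace("security", ""))
        elif t[0] == "access-list" and len(t) > 2 and t[2] in ("permit", "deny"):
            defined.add(t[1])
        elif t[0] == "access-group" and len(t) == 5:
            bound[t[4]] = t[1]            # interface -> ACL name
        elif t[0] == "nat" and len(t) > 2 and t[2] == "0":
            nat0.add(t[1].strip("()"))    # identity NAT / NAT exemption
        elif t[:3] == ["snmp-server", "community", "public"]:
            findings.append("default SNMP community 'public'")
        elif t[0] == "telnet" and t[1] != "timeout":
            findings.append("cleartext telnet management enabled")
    # An ACL name that no access-group references filters nothing on an
    # interface; a near-duplicate name (acl-out vs acl_out) is a common cause.
    for name in sorted(defined - set(bound.values())):
        findings.append(f"access-list {name} is not bound by any access-group")
    # Higher-to-lower security traffic is allowed by default once a nat rule
    # exists, so nat 0 without an ACL on the source interface opens every port.
    for src in sorted(nat0):
        for dst in sorted(levels):
            if src in levels and levels[src] > levels[dst] and src not in bound:
                findings.append(f"{src}->{dst}: nat 0 and no access-group on "
                                f"{src}, all ports permitted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, the audit reports the unrestricted inside-to-DMZ path (which includes the Windows file-sharing and browsing ports) and the ICMP rule that sits under an ACL name never applied to an interface.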

