Re: how can i use public ip access my lan server from internal?

wanglei · ‎10-26-2005

i have a pix with two interface.one for internal.another for outside.my mail server is located inside.i have config alias command translate mail private ip to public ip.now i can use private ip ,domain name(for example mail.aaa.com)access mail server from inside.but i can't use mail public ip access from inside.how to implement this function?

any help will be apreciate.

nkhawaja · ‎10-26-2005

alias command will only work if your DNS server is outside the FW.

wanglei · ‎10-26-2005

yes,the dns server is out of pix.i can use dns name success.but when i use public ip.it doesn't work.

someone tell me use this two command together,but i 'm not sure it will work well.

alias(inside) 192.168.1.1 61.182.30.1 255.255.255.255

alias(inside) 61.182.30.1 192.168.1.1 255.255.255.255

the first is for dns access.when pix receive dns reply ,looking for if the ip is 61.182.30.1,then translate is to 192.168.1.1

the second is for public ip access.it's dnat.when a pakeg's destination ip is 61.182.30.1.then the destination ip will tranlate to 192.168.1.1

does someone have some ideas?

nkhawaja · ‎10-26-2005

use bi direcational NAT instead of static.

basically you will only be able to use DNS and not the public IP address directly.