Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
1
Replies

INSIDE NAT PROBLEM

scolombo
Cisco Employee
Cisco Employee

‎12-13-2001 03:50 AM - edited ‎03-08-2019 09:24 PM

I've a problem accessing our company's Web server public address from inside the pix.

The configuration is as follow

Three interfaces.

inside 192.168.1.254/24

outside 213.x.x.x/35

dmz 172.16.1.254/24

WEB server is in the inside network with IP 192.168.1.165

A static nat has been set as follow

static (inside,outside) 213.x.x.165 192.168.1.165 netmask 255.255.255.255 0 0

An access list has been set and applied to the outside interface to allow incoming http connection to the public address.

Problem

I can correctly access our WEB server's public address from internet but fails if we try from the inside network.

In the PIX log I can see an outbound connection from the IP POOL 213.x.x.x to 213.x.x.165 but then fails the connection.

PLS give me an help on it .

Thanks

Labels:
0 Helpful
1 Reply 1

rrbleeker
Level 1
Level 1

‎12-13-2001 07:43 AM

I assume that you are using DNS for name resolution and that your DNS server provide you with the public IP address of the server. If that is the case, the firewall will be the recipient of the packet and will not place it back on your internal network to the server. What you need to do is setup an 'alias' command for the web server. This will change public IP address to the internal IP address in the DNS reply. See http://www.cisco.com/warp/customer/110/alias.html for a good example of the alias command.

0 Helpful
Customers Also Viewed These Support Documents