NAT problem

gastori
Level 1

I have a PIX 515 which I enabled for NAT.

I have outside traffic accessing my mail (25, 110) and my web server (80), but if an inside user tries to access the web site through the internet using the gateway on the PIX, he/she can't. If I dial up to the internet using AOL or any other ISP, then I have no problem.

What can I do to have internal users access our web site through the internet gateway on the PIX?

ikusuma
Level 1

You will never get the answer from the ping command if you ping from inside, because the DNS will give the global IP of your server. You must use the "alias" command on the PIX.

Ref: http://www.cisco.com/warp/public/110/alias.html

Cheers

Indra

Is there a way for the 2600?? I am having the same issue, only for a 2600. The 'alias' command is only for PIX, right?

What can I do on the 2600? It's not so much for usability, but for troubleshooting. I can use my DNS server to resolve the addresses before they get to my firewall. But, if I wanted to check to see if port 25 is really open to the outside world, I have to dial up to AOL or something. Very frustrating.

THANKS!!

edmonds_robert
Level 1

I think an even easier solution would be just to add a record pointing to www on your DNS server and point it to the IP address of your web server.

elehman
Level 1

If you are running DNS inside your network, you can essentially fool the internal users to point to the inside address of the webserver. If not, the problem lies in the fact that your internal machine goes out through the PIX, resolves the address and then tries to get back in (like with a ping). This creates a loop: going out, coming back to another machine and then expecting to go back out and somehow reach you in the process to return your ping request. Use of the alias command (http://www.cisco.com/warp/public/110/alias.html) will allow the PIX to "replace" any DNS request that matches something on your inside network with the correct internal address. It's a cheat, but it works.
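
The DNS reply rewrite described in the replies above, modelled in Python as an added example (not code from the thread or from Cisco). The function names and the addresses (203.0.113.10 as the global address, 10.0.0.10 as the inside address) are constructed for illustration.

```python
import socket
import struct

def build_response(name, addrs, txid=0x1234):
    """Build a minimal DNS reply (constructed sample) with one question and A answers."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a)
        for a in addrs)                                     # 0xc00c points back at qname
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                                # compression pointer, 2 bytes
            return off + 2
        off += 1 + n

def a_rdata_offsets(msg):
    """Yield the offset of the 4-byte address in every IN A answer record."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                       # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off
        off += rdlen

def a_records(msg):
    return [socket.inet_ntoa(msg[o:o + 4]) for o in a_rdata_offsets(msg)]

def doctor(msg, global_ip, inside_ip):
    """Rewrite A records equal to global_ip so inside clients get inside_ip."""
    out = bytearray(msg)
    for o in a_rdata_offsets(msg):
        if msg[o:o + 4] == socket.inet_aton(global_ip):
            out[o:o + 4] = socket.inet_aton(inside_ip)
    return bytes(out)

if __name__ == "__main__":
    reply = build_response("www.example.com", ["203.0.113.10", "198.51.100.7"])
    print(a_records(reply), "->", a_records(doctor(reply, "203.0.113.10", "10.0.0.10")))
```

Only the answer that matches the published address changes; unrelated A records and the message length are left as they were, so the inside client connects straight to the server without looping through the firewall.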
