PIX internal clients can't access static global address of internal servers
PIX515-UR got two net card, outside ip: o1.o2.o3.o4,inside ip: i1.i2.i3.i4, PAT is enable, outside interface's ip is used by PAT. and an internal WEB server's IP: w1.w2.w3.w4, it is the same subnet with i1.i2.i3.i4, and static map on PIX: s1.s2.s3.s4--> i1.i2.i3.i4, s1.s2.s3.s4 is the same subnet with o1.o2.o3.o4. internal client can access internal normally, but can't access the IP s1.s2.s3.s4, cause some of the URL written in the WEB server is fixed to http://s1.s2.s3.s4/..., how to make the internal client to access the web server by its global address: s1.s2.s3.s4?
Re: PIX internal clients can't access static global address of i
For sure, you cannot access s1.s2.s3.s4 address from inside. I don't know any way to achieve that. Your URL should use "host name" instead of IP address. It's a best practice to use "host name" or i should write a mandatory practice when designing a web site, "never use ip addresses directly". When you use host name in URL, i know two ways to convert them to real address, as seen by internal users. The way you choose is depending of your DNS position and configuration:
1- You have internal DNS only just for internal users, this way, you write the real address in this DNS. Outside users use an ISP DNS where your primary and your secondary DNS are hosted.
2- Don't have a dedicated internal DNS, use public DNS (primary & secondary), hosted by an ISP or in your DMZ, then that way you must use "alias" command.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...