Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX internal clients can't access static global address of internal servers

PIX515-UR got two net card, outside ip: o1.o2.o3.o4,inside ip: i1.i2.i3.i4, PAT is enable, outside interface's ip is used by PAT. and an internal WEB server's IP: w1.w2.w3.w4, it is the same subnet with i1.i2.i3.i4, and static map on PIX: s1.s2.s3.s4--> i1.i2.i3.i4, s1.s2.s3.s4 is the same subnet with o1.o2.o3.o4. internal client can access internal normally, but can't access the IP s1.s2.s3.s4, cause some of the URL written in the WEB server is fixed to http://s1.s2.s3.s4/..., how to make the internal client to access the web server by its global address: s1.s2.s3.s4?

New Member

Re: PIX internal clients can't access static global address of i

For sure, you cannot access s1.s2.s3.s4 address from inside. I don't know any way to achieve that. Your URL should use "host name" instead of IP address. It's a best practice to use "host name" or i should write a mandatory practice when designing a web site, "never use ip addresses directly". When you use host name in URL, i know two ways to convert them to real address, as seen by internal users. The way you choose is depending of your DNS position and configuration:

1- You have internal DNS only just for internal users, this way, you write the real address in this DNS. Outside users use an ISP DNS where your primary and your secondary DNS are hosted.

2- Don't have a dedicated internal DNS, use public DNS (primary & secondary), hosted by an ISP or in your DMZ, then that way you must use "alias" command.