Here is my situation. My LAN users must enter either my Web server name or internal IP address to get to our Web site. The CEO wants to be able to type in the URL (company.com) to get to the site. I have our LAN protected from the outside world with a PIX 515 using NAT, which is not allowing LAN users to type in the URL & go out the PIX & make a U-turn and come back in again. I believe I need a DNS entry on the LAN DNS database, but I'm not familiar enough with DNS to get it to work. Has anybody had experience with this or have any ideas on how I can accomplish this to satisfy my boss?
You're right, you can set up an internal DNS server with the users pointing to that DNS server, which has the webserver mapped to its internal IP address. Outside users will rely on their external DNS to get to your site. DHCP from WindowsNT/2000 works great for configuring the DNS of your internal clients.
Another solution is to use the alias command on the PIX. In simple terms it is a DNS entry on the PIX for your web server. The only problem is if you are running the PDM on your PIX, the alias command is not supported and will disable all the screens except for Monitoring in the PDM. If you are not running the PDM then you are OK.
It is not good practice to resolve IP addresses in your private network via a public DNS server. You should definitely include an address on an internal DNS box. I have internal users look up an internal DNS server and then it queries externally if there is no record. You can use an A record that makes sense to you, then a CNAME record for whatever the boss wants.
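A check for the split DNS setup the replies above describe, as an added example that is not part of any reply in the thread: it resolves each name in the internal and external views and reports where the LAN would miss the internal address or the public zone would expose one. The zone text is a simplified `name type value` format, and the `web01` host name and all addresses are constructed assumptions.

```python
import ipaddress

# RFC 1918 checked explicitly: is_private would also flag 203.0.113.0/24 (sample public IP).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records ("name type value"); web01 and all addresses are assumed.
INTERNAL_ZONE = """
web01.company.com. A 192.168.1.10
www.company.com. CNAME web01.company.com.
company.com. A 192.168.1.10
"""
# The apex gets its own A record: a CNAME cannot coexist with the SOA/NS there.
EXTERNAL_ZONE = """
www.company.com. CNAME company.com.
company.com. A 203.0.113.10
"""

def parse_zone(text):
    """Return {name: (rtype, value)} from 'name type value' lines."""
    zone = {}
    for line in text.strip().splitlines():
        name, rtype, value = line.split()
        zone[name.lower()] = (rtype.upper(), value.lower())
    return zone

def resolve(zone, name, max_hops=8):
    """Follow CNAMEs to an A record; None if missing or the chain loops."""
    name = name.lower()
    for _ in range(max_hops):
        rtype, value = zone.get(name, (None, None))
        if rtype != "CNAME":
            return ipaddress.ip_address(value) if rtype == "A" else None
        name = value
    return None

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def audit(internal, external, names):
    """List findings where a view answers with the wrong kind of address."""
    findings = []
    for name in names:
        inside, outside = resolve(internal, name), resolve(external, name)
        if inside is None or not is_rfc1918(inside):
            findings.append(f"{name} internal view does not reach the LAN address (got {inside})")
        if outside is not None and is_rfc1918(outside):
            findings.append(f"{name} external view leaks private address {outside}")
    return findings
```

An empty list from `audit` means LAN clients get the internal address directly, so nothing has to hairpin through the PIX, and the public zone publishes no private addressing.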
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...