I have an issue getting to my own company website that is hosted by a web host on the outside. I can get to the website from anywhere except from behind my PIX. I have a 515e with a webserver in the DMZ. All websites hosted on the DMZ are accessible (both inside and outside) but if I go from any PC on the inside network and try to get to my company website (on the outside)it can't and I get the "Page not found" error. It doesn't seem to be DNS related because I get the same if I type in the ip address as well. I can access any other website from the inside network, just not my company site.
What could this be ? It has been working for months. Occasionally I have had to go in and clear xlate because something was getting confused on the PIX but that has straighted it out. This time it doesn't help. I'm guessing it's some kind of routing problem but I've looked at my config and it seems right.
This is a pix feature and a dns configuration problem. Without looking at your config I assume you have a static between the outside i/f and the dmz. Your dns server is probably resolving the outside address of the webserver. because the static applies to traffic arriving on the outside interface, it is not applied and the host can not be reached from the inside network by the static translation.
There are two fixes.
1. Configure two dns servers. One resolves internet requests to the outside address. The other resolves internal requests to the dmz address assuming no nat between inside and dmz.
2. I have never tried this, but it should work. Configure a static between the lan and the dmz with the outside address of the webserver.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...