translating dmz ip addresses

tjmaurin · ‎03-05-2003

I have a web server in the dmz and want to be able to hit it from a pc that is in the dmz by using the real ip. I am not looking to do dns translation in this case.

gfullage · ‎03-06-2003

What interface is the PC in? You typed dmz but I gather that was a typo. If the PC is on the inside, then you just need a nat (inside)/global (dmz) pair. If the PC is on the outside, then you'll need a static and an ACL to get to it.

tjmaurin · ‎03-07-2003

The PC is really in the dmz. Not a typo. If it were up to me this one pc would be moved to the inside but I don't have the option to do that. PCs on the outside and inside can hit the web server by IP just not the one pc that is in the dmz.

mostiguy · ‎03-10-2003

Try accessing the site by ip address from the dmz pc. If they are both in the dmz, they are almost assuredly in the same ip subnet. The problem is most likely a dns issue (meaning, the dns reply for the web server's hostname contains the external ip used for nat for the web server, not the RFC 1918 address the web server is using, as is the DMZ pc). If it is just one pc, I would probably make sure that the site is accessible via ip, and tell them to use that, or edit the local hosts file and statically code it.