Cisco Support Community
Community Member

Unable to access Internal sites from Internal

Hello,

Inside users can start connections and surf the web fine. However, they cannot access web server sites located internally. The internal sites can be accessed fine externally. DNS servers reside externally. It appears the internal sites resolve the site's internal address correctly, then die. In fact, a webserver cannot pull up its own address or a site of a server next to it, but can hit any site outside. DNS issue?

Thanks!

6 REPLIES
Community Member

Re: Unable to access Internal sites from Internal

Yes, this is a DNS issue. What you have to do is create an internal DNS server to serve your internal network to your websites located behind the firewall. Make sure you set your workstations with the internal DNS server first, then the external DNS. Hope this helps.

Community Member

Re: Unable to access Internal sites from Internal

Thanks for your help! I take it I would have to do this regardless, since we are going to put the mail servers behind the pix. Otherwise, different domains would not be able to email each other if they both reside behind the firewall.

Community Member

Re: Unable to access Internal sites from Internal

If you are using a PIX Firewall, just issue some alias commands, and you're done....

Community Member

Re: Unable to access Internal sites from Internal

Would the alias commands be instead of adding an internal DNS? Also, could I use the "net" alias technique where as aliasing the entire subnet?

Community Member

Re: Unable to access Internal sites from Internal

alias (inside) "InT_IP" "Ext_IP" 255.255.255.255

Set the server's DNS address to a server on the outside. Do an nslookup and look at what you see.

The PIX does the work for you
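
What the alias line above asks the PIX to do to DNS replies crossing it, sketched in Python as an added example (not part of the original thread and not Cisco code): A records carrying the external address are rewritten to the internal one. The addresses, the helper names (`doctor`, `addresses`, `build_reply`) and the sample reply are constructed for illustration.

```python
import socket
import struct

def skip_name(msg, off):
    """Return the offset just past a DNS name, compressed or not."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def a_record_offsets(msg):
    """Yield the offset of each 4-byte address held in an answer-section A record."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                      # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # type A, IPv4 address
            yield off
        off += rdlen

def doctor(msg, int_ip, ext_ip):
    """Host alias (mask 255.255.255.255): replace ext_ip with int_ip in A answers."""
    out = bytearray(msg)
    for off in a_record_offsets(msg):
        if msg[off:off + 4] == socket.inet_aton(ext_ip):
            out[off:off + 4] = socket.inet_aton(int_ip)
    return bytes(out)

def addresses(msg):
    """List the IPv4 addresses an nslookup of this reply would show."""
    return [socket.inet_ntoa(msg[o:o + 4]) for o in a_record_offsets(msg)]

def build_reply(name, ips):
    """Constructed DNS reply: one question, one A record per address."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(ips), 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)   # pointer back to qname
    return header + qname + struct.pack("!HH", 1, 1) + b"".join(
        rr + socket.inet_aton(ip) for ip in ips)

# Constructed sample: the outside DNS server answers with the public address.
SAMPLE = build_reply("www.example.com", ["203.0.113.10", "198.51.100.7"])
print(addresses(SAMPLE), "->", addresses(doctor(SAMPLE, "192.168.1.10", "203.0.113.10")))
```

Only the matching address changes, and the reply length stays the same, which is why the nslookup check above is a quick way to confirm the alias is taking effect.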

Community Member

Re: Unable to access Internal sites from Internal

From a security point of view you should use the solution with 2 separate DNS servers. This would comply with the 'Defense In-Depth' approach. Using a single DNS forces you to reveal more information than you should.
