Cisco Support Community

New Member

Unable to connect on a service with a public IP on the inside interface...

Hello,

On my PIX I use a static route with DNS doctoring to translate requests from a public IP on the outside interface to the private IP of one of my machines on the inside interface.

Ex:

static (inside,outside) 213.251.23.146 192.168.1.56 dns netmask 255.255.255.255 0 0

Each server on the inside interface uses a common DNS server (e.g. 192.168.1.101). This DNS server owns the public IPs of all my hosts.

When I try to use a service (e.g. SMTP) from the outside like this:

telnet 213.251.23.146 25

that works without any problem. If I try with its private IP (or loopback) from the inside interface like this:

telnet 192.168.1.56

that works. But if I try from the inside interface with the public IP, that doesn't work.

Do you know why, and how to change this?

Thanks !!

Jérôme

5 REPLIES
New Member

Re: Unable to connect on a service with a public IP on the insid

I had a similar problem and had to create a DNS record on my internal DNS server.

ex.

Create A record

mail.domain.com = 192.168.1.56

New Member

Re: Unable to connect on a service with a public IP on the insid

In my case, this DNS server is public; it's not possible.

Bronze

Re: Unable to connect on a service with a public IP on the insid

Hi,

If you are doing DNS doctoring, you can access the internal machine only with its DNS name. The DNS replies will be modified by the PIX so that your internal machines get the 192.168.1.56 IP in the DNS reply.

Have you set up the alias command as follows?

alias (inside) 192.168.1.56 213.251.23.146 255.255.255.255

Note: For this to work, your DNS server should not be inside, and proxy-arp has to be disabled on the inside interface.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml#backinfo

HTH

Regards,

Shijo George.

New Member

Re: Unable to connect on a service with a public IP on the insid

If I try with the FQDN, I have the same problem: it's impossible to connect on a specific port. Is this normal? My network is like this:

               |
              PIX
  -----------------------------
  |            |              |
DNS SERVER  SMTP SERVER   WEB SERVER

PIX
Private IP (inside) : 192.168.1.1
Public IP (outside) : 213.251.1.1

DNS Server
Private IP (inside) : 192.168.1.2
Public IP (outside) : 213.251.1.2
DNS Server : 192.168.1.2
Hostname : ns1.mydomain.com

SMTP Server
Private IP (inside) : 192.168.1.3
Public IP (outside) : 213.251.1.3
DNS Server : 192.168.1.2
Hostname : smtp.mydomain.com

WEB Server
Private IP (inside) : 192.168.1.4
Public IP (outside) : 213.251.1.4
DNS Server : 192.168.1.2
Hostname : web.mydomain.com

My DNS Server is on the inside interface. The DNS Server is the owner of the mydomain.com SOA.

No, I have not set up the alias command. I have tried, but I got the same result.

Thanks for your help !

Jérôme

Bronze

Re: Unable to connect on a service with a public IP on the insid

Hi,

As far as I know, this is not gonna work as long as your servers and the desktops are connected to the same interface (inside).

Regards,

Shijo George.
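
A small Python model of the behaviour the replies describe, added here as an illustration and not taken from any poster or from Cisco: the PIX rewrites an A record only when the DNS reply crosses it, and it does not send traffic back out the interface it arrived on. The `Static` class and the function names are hypothetical; the addresses are the ones from the first post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Static:                 # hypothetical model of one PIX "static" line
    real_if: str
    mapped_if: str
    mapped_ip: str
    real_ip: str
    dns: bool                 # True when the static carries the "dns" keyword

# static (inside,outside) 213.251.23.146 192.168.1.56 dns netmask 255.255.255.255 0 0
STATICS = [Static("inside", "outside", "213.251.23.146", "192.168.1.56", True)]

def doctor_reply(a_record, dns_if, client_if, statics=STATICS):
    """Address the client receives for an A record served from dns_if."""
    if dns_if == client_if:
        return a_record       # reply never crosses the firewall, nothing is rewritten
    for s in statics:
        if s.dns and a_record == s.mapped_ip and client_if == s.real_if:
            return s.real_ip  # public -> private for clients beside the server
        if s.dns and a_record == s.real_ip and client_if == s.mapped_if:
            return s.mapped_ip
    return a_record

def reachable(dst_ip, client_if, statics=STATICS):
    """Model assumption: no hairpin, traffic is never sent back out its ingress interface."""
    for s in statics:
        if dst_ip == s.real_ip:
            return client_if == s.real_if    # same segment, firewall not involved
        if dst_ip == s.mapped_ip:
            return client_if == s.mapped_if  # translated only when arriving on mapped_if
    return False

def lookup_and_connect(dns_if, client_if, answer="213.251.23.146"):
    """The DNS server holds public IPs, so it answers with the mapped address."""
    addr = doctor_reply(answer, dns_if, client_if)
    return addr, reachable(addr, client_if)

if __name__ == "__main__":
    for dns_if, client_if in [("inside", "inside"), ("outside", "inside"), ("outside", "outside")]:
        print(dns_if, client_if, lookup_and_connect(dns_if, client_if))
```

The first case (DNS server and client both inside) is the layout in this thread: the client is handed the public address and the connection fails, while the same client resolving through a DNS server on the outside gets 192.168.1.56 and connects directly.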
