Internal hosts cannot browse to a web server on DMZ by name through the PIX 7.X
Internal hosts cannot browse to a web server on the Demilitarized Zone (DMZ) by name through a PIX Firewall when the Domain Name System (DNS) server is located on the outside.
If internal clients need to access servers on the DMZ interface of the PIX, and their DNS server is located on the PIX outside interface, then the PIX must perform Destination Network Address Translation (DNAT) on packets going from the inside interface to the DMZ.
Here are some possible solutions:
PIX Version 6.2 and Later
If the PIX runs version 6.2 or later, issue this command:
The DNAT configuration remains the same in 7.0; no configuration change is required.
Users are not able to access the server in the DMZ and they get the error "page cannot be displayed".
The problem might be the authentication access level, or it could be an issue with the NAT configuration for DMZ access for the particular user. If you configured AAA authentication for the user, check the user rights in the AAA configuration and in ACS, if you use it.
Also verify the ACL permit command, and verify that the DMZ NAT configuration has a large enough pool of IP addresses for the translation.
PIX command authorization and expansion of local authentication were introduced in version 6.2 and above. The following documents provide an example of how to set this up on a PIX.