Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Can't see my web site inside LAN.

I have a cisco 3600 T1 router with 5 public IP's. On the inside of my network I have an ASP server with a static private IP, it is resolved from the outside through a NAT translation. From inside my LAN I can't type the url of any of the 5 websites running in IIS on that machine. But if I disable my NIC and dial up (i.e. aol), then type the URL and there it is. The only firewall is on the cisco router which my ISP won't give me access to but will do for me what I tell them.

I was told by my ISP that I could setup the public IP address directly on my web server, but then no firewall protection!
Or I could get a DSL router and put it between the server and the Cisco router. This would give me a firewall and my public IP, but I am told it will block my domain unless I configure the new firewall to accept my domain, but that is somewhat over my head.
My ISP is not much help here and I need this ASP server on my domain to access the databases on it, and the clients and employees outside my lan need to access these databases too.
The ISP says you can't go out on a NAT and then come back in on one, I would say that is true due to the errors I get.
There has got to be a better way and I know other companies do this, If I need a better or a different router that is fine, we will pay for it but I have to get this setup.
I will start at 250 pts, if it seems that hard I will increase it.
0
Bird_Dog347
Asked:
Bird_Dog347
  • 4
  • 3
1 Solution
 
lrmooreCommented:
G'day, Bird_Dog347

The simplest way to get around what you are trying to do is to setup your one private DNS server that will resolve these web sites to their "private" ip addresses. Setup the proper forwarder nameservers and your inside clients will use this server to resolve www.myweb.com to the private ip address, yet the rest of the world will still resolve it to the public address. If you had a PIX firewall between the router and the server, you could use an "alias" command on the PIX and not have to use your own DNS.
Another option would be to create a local hosts file for local users:
<private ip>  www.myweb.com


Cheers!
0
 
Bird_Dog347Author Commented:
We don't want to set up a local host file for all the client computers, but how difficult is the DNS setup? And can I configure it on my existing DNS server?
0
 
lrmooreCommented:
Setting up the DNS should not be difficult. Are you the primary or secondary DNS for your Internet zone?
If not, it would be a simple addition of the A and CNAME records with the local internal IP address, and your ISP's IP address in the forwarders tab. (assuming you are using Win2K DNS?)
If you are primary/secondary for your domain, you might setup a 2nd DNS server. The only records it would need are the soa, ns, and A/CNAME records for your webservers. The forwarder tab would forward all unknown requests out to your primary dns/isp, so this new server would become the first choice for your clients.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Bird_Dog347Author Commented:
I am using win2k server. I put in a new domain in dns on one of my dns servers, and it worked. I setup the DNS with a new host file and gave it the local IP of my ASP server. But when I tried to setup the next domain (4 independant sites) it still doesn't work. When I ping the first domian I get the internal address of the asp, when I ping the second I get the external IP of the asp server.
Can I have more than one?
0
 
lrmooreCommented:
You created multiple forward lookup zones and their respective reverse looup zone, added host records and checked the box to create associated PTR records, enabled forwarders and added your ISP dns servers to the list?
Temporarily rename your hosts file on your DNS server to hosts.old
0
 
Bird_Dog347Author Commented:
Ok, great news. That did the trick. I am adding 50 pts because you knew it right away. Good job.

Bird_Dog347
0
 
lrmooreCommented:
Glad to help!

Thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now