BrianClements

How can I route requests to a server on an internal LAN through an external DNS?

We have a 10.x.x.x internal scope running through a Cisco PIX firewall to a 2600 router to the internet. We have web applications running from our website and from two other servers on our internal LAN. If using a DNS server external to our LAN, we can resolve the internal web through an alias command in the PIX. Unfortunately, I cannot access the other two servers, which are usually accessed through IP address. Access from the outside in works fine, but we cannot resolve the external IP address back to the internal NAT in the PIX. All other sites are accessible except the two that need resolution to the IP address. A Cisco TAC engineer said that a static route may need to be put in for the particular IP address at the router. Does this sound like a possibility? Any ideas? We have created a workaround by providing two separate links on our web... one to the inside IP address and one to the outside, but would like to be able to allow the inside scope to resolve to the same link as the external.
mikebernhardt
Are you saying that name resolution of the external addresses doesn't work from the inside? Or that you can't talk to the inside web servers from the outside? You need to clarify your question please. I can help you with DNS or routing issues, but I don't understand your problem right now.
BrianClements

ASKER

I apologize for my wording. We have 3 internal servers that need to be accessed inside and outside. These are 10.10.1.83, 84, and 85. Our web resolves to 10.10.1.83, and after adding an alias command to our PIX we could resolve the name to the internal number using an external DNS server from inside the network. The problem comes when we need to access the other two servers, which have no internet name to resolve to. 10.10.1.84 is NATed to 66.109.42.164, and we cannot ping 66.109.42.164. The alias command only seems to work when name resolution is used. We can only access it from our internal number of 10.10.1.84, which forces us to use two links on our web. We are unable to ping any of the external numbers that our internal numbers NAT to. What we would like is to be able to route the external link back to the internal IPs.
ASKER CERTIFIED SOLUTION
PennGwyn

This solution is only available to members.
On the PIX, have you tried using
ip host [hostname] 66.109.42.164

I'm honestly not that familiar with PIX, but this works in IOS and I'm guessing on the PIX. It's just the IOS equivalent of a local host table, and maybe that will let the alias command work.

Are the 2 servers with the problem translating to the same public IP subnet as the one that's working? Can you ping their public IPs from the outside, or is the problem only on the inside?
SOLUTION
This solution is only available to members.
Thank you all... I'll try these resolutions tomorrow.