cogit


cannot view a website internally by real ip

I cannot access my websites internally by the real IP address, i.e. 65.x.x.x, but I am able to do so on an external network. If I provide a DNS name to the address then there's no issue. What should I look for?

perm router-->pix-->lan router-->internal network
fettigcj07

More info please.

You say "real ip" yet reference a non-private address of 65.X.X.X and then reference the "external network" but don't give any info on what addresses those might be.

perm router = ISP router with what on the outside? What on the inside?
PIX = your device or the ISP's? What external/internal networks?
LAN router = ???? Why the 2nd router? What networks does it separate? Is your webserver behind all 3 devices or only two?

My initial -=GUESS=- is that you're trying to access an address that the LAN router NATs from external to internal, so, given that you're trying to go INTERNAL to EXTERNAL ADDRESS of INTERNAL resource, the router doesn't support the double-back involved. But that's just a GUESS based on far too little information to call an educated guess. We need to know what does the ultimate NAT. The PIX could handle it as a rule, but then again it could be one of the two routers.
Try to add a permanent route to the internal network using the route command.
ROUTE ADD DestIP MASK DestMask PrivateIp

e.g.
ROUTE ADD 65.X.X.X MASK 255.255.252.0 192.168.10.2

DO THIS ON ALL THE CLIENT SYSTEMS.
Ping the DNS entry and verify it is giving the 65.x.x.x address and not the internal network address... If it's giving the 65.x.x.x address then you need to check your webserver and verify it is resolving websites by IP address rather than hostname... My guess is when you ping the address you are receiving an internal address... Therefore, when you attempt to access the website by DNS you use the internal address instead of the 65.x.x.x address...
cogit

ASKER

Here is an overview

ISP
|
Cisco 1700
so: 65.x.x.x
eo: 65.x.x.129
|
pix 506
outside: 65.x.x.130
inside: 10.9.1.131
|
Cisco 3600
eo: 10.9.1.130
fa/0: 10.12.0.x (internal lan)
fa/1: 10.10.1.x


Static statements are set up on the PIX, and conduit ...

These are test web servers without external DNS assigned to the IP.

So let's say 10.12.0.1 is mapped to 65.x.x.1: you can hit it on the inside with 10.12.0.1 but not 65.x.x.1.

If I go on an external network I can of course hit 65.x.x.1.

I'm just helping out a friend's network that needs to be flattened out, and the PIX has way too many statements that need to be removed.

On the perm router there are no ACLs, nor on the core router ...


ASKER CERTIFIED SOLUTION
fettigcj07
