Solved

Config NAT in Cisco PIX

Posted on 2005-03-09
Last Modified: 2013-11-16
I am using static NAT to map an internal server 192.168.1.1 as a real IP 202.1.1.1:
- static (inside,outside) 202.1.1.1 192.168.1.1 netmask 255.255.255.255 0 0

It works on the Internet, I can access it remotely, but I can't ping or access it from the inside LAN.
What NAT do I need to set up to enable internal access to the external IP?
Question by:kennycpu
2 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 13496254
Kenny

The simplest way to do this is to use an alias of this address:

If you enter

alias (inside) 202.1.1.1 192.168.1.1 255.255.255.255

You will be able to see this address internally.



 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 13498172
Here's what you can and cannot do in this situation:
You cannot use the server's public IP address to access it from the inside. No way, no how. This is just the way it is. Embrace it because it won't change.
You CAN, however, use something called "DNS Doctoring" if, and only if, your DNS is outside your network. The Alias command that nodisco shows above is the old way of implementing it. If you are using the PDM GUI, this command is not available, and if you enable it via the command line, the GUI will be limited to monitor-only mode.
The "new" way to do DNS doctoring is to use the "dns" keyword in your static entry.
What does DNS Doctoring do, you ask? Why does it only work if your DNS server is on the outside of the PIX?
When a client sends a DNS resolution request out through the PIX, the PIX sees it. When the response comes back to resolve www.company.com to 202.1.1.1, the PIX will "doctor" that response using the alias address, and the client actually resolves to 192.168.1.1 and connects no problem.

What else can you do?
- Host DNS internally and always resolve to the private IP address.
- Use manual hosts file on every workstation that resolves this host to the private IP address.
Bottom line - the client will always "talk" to the private IP address and never to the public IP.

Question has a verified solution.
