Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Connect to internal webservers from behind a pix 501

Posted on 2005-04-11
2
Medium Priority
?
370 Views
Last Modified: 2011-09-20
Hey,

I have read over a lot of you guys post and it has really helped me with the learning process of my pix 501. So here is my situation:

I have a series of webservers behind a pix 501 (6.3). They are all accessable from the outside. I can acess them from the inside using there internal address; however if i try to access them from inside with the external address I can't access it. Exp:

ok:

xxx.xxx.xxx.228 ------> 192.169.1.5
--------------              ---------------------------------
| Internet   | ------> |port 80 server1.domain.com|
--------------              ---------------------------------
won't work:

192.169.1.2 --------> xxx.xxx.xxx.228 ------------> 192.169.1.5
----------------------    ---------------------------     ----------------------------    ----------------
|Internal Network |->|Internet DNS Server   |->|Pix 501 xxx.xxx.xxx.228|->|192.169.1.5|
----------------------     ---------------------------    ----------------------------    ----------------

This needs to be done for a few reasons: one, users on our network need to give demos via live meeting using the domain name of the server (not an internal address). The second is if the web-page does a redirection like below it fails.

http:server1.domain.com redirects to http://server1.domain.com/new/page

I have sort of gotten around it the first problem by adding entries to the host file in windows. But I need to real solution. Thanks for all your thoughts guys.

0
Comment
Question by:BoB7869
2 Comments
 
LVL 19

Accepted Solution

by:
nodisco earned 1000 total points
ID: 13760886
The alias command will work for you in this situation - it sets up DNS doctoring:

Logon to PIX

conf t
alias (inside) X.X.X.X Y.Y.Y.Y 255.255.255.255

Where X.X.X.X is the LAN ip address of the webserver and Y.Y.Y.Y is the public ip of it

Here is a link that explains it further:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml


0
 

Author Comment

by:BoB7869
ID: 13763198
Thanks! That seems to work. I do need to do further testing but it looks like it will solve it.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question