larrystewart
asked on
Routing Issue
I have a PIX fw configured with a DMZ. Everything works fine with one exception. All servers inside the firewall cannot communicate with each other using their public IP addresses. For example, I have a webserver (inside address of 10.250.1.60 and an outside 207.1xx.3x.xx). It cannot communicate with another webserver (10.250.1.62, 207.1xx.3x.xx) using the outside IPs. Perhaps this is a DNS issue?
Thank you....
To clarify this:
static (inside,outside) [public ip] [internal ip] dns netmask 255.255.255.255
If you do not have an internal DNS server - then you are going to go out to the internet for DNS resolution. If you wish to be able to access www.mywebsite.com (which is hosted in your building) by its full public domain name - you will need to resolve DNS.
When you try to access this site, the request goes out the PIX and the PIX doctors the public IP and forwards to the internal private IP address. The alias command used to do this, but that has been replaced by the static with dns variable, and the alias command will not be supported in future releases.
ASKER
Thanks for your replies. I am running an internal DNS server. How would this be entered into DNS? I have DMZ and inside addresses that need to access the sites that are within my building. DMZ = 192.168.x.x, inside is 10.250.x.x, outside is 207.xxx.xx.x.
thank you
If so, can you change your internal DNS to report the internal IP address?
You cannot access the public NAT addresses if you are in the private zone on the NAT router.
I am not 100% sure, but I don't think the PIX has a setting to bounce the traffic back internally.
Regards
Tony