• Status: Solved

PIX one to one NAT..?

Hi Gurus,

I have 5 sites across the globe that access their 'local' networks using a Cisco VPN.  We also have a hosted web service (off core network) so we have to use a hosts file (with external address of web server) when users attempt to connect to both their local office (via VPN) and web server at the same time.

The web server will soon be moving to our head office, which is ok for users based at the head office (dispels the need for a hosts file as DNS will work), but those visitors to head office from abroad will not be able to access the web server since their hosts files send them to the external address and NOT the internal address.

I guess that one to one NAT is the answer - but HOW??

Thanks muchly for any assistance provided...

Regards,
Jase
Asked by: jasonhamlett

Saineolai Commented:
Can you clarify how the DNS zone that contains the records for the web server is hosted?

When you relocate the server to HQ will it be located in a DMZ or on the LAN segment with all the other devices in that location?

jasonhamlett (Author) Commented:
Hi,

I'm not sure how DNS would affect this..?  Assuming the VPNs are giving out internal DNS servers, and all our networks are connected by site VPNs, a US user will connect their VPN to the US office and 'lookup' the hosted web server and be 'given' the internal address.  As such they cannot route across the second (site) VPN. [We are shifting to an ASA box soon which will allow them to do this, but not before our web server is moved].

I was hoping to place it on a LAN segment (fast backup to LAN server), but do have a PIX 515 so could put it in the DMZ if needed (and run backup at 100Mb rather than 1000Mb).

I guess the question is how you can get a PIX to allow both internal and external users to connect to the external IP address of the web server.

Saineolai Commented:
This describes your issue and a potential solution, but you will have to place the server in the DMZ.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html
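
An illustration of the approach the last answer points to, with the web server in the DMZ and static NAT presenting it on one public address to both the Internet and the head-office LAN. This is an added example, not configuration from the thread or from the linked article; the interface names and every address are constructed placeholders, and it assumes a PIX software release that supports a static translation from a lower-security to a higher-security interface.

```cisco
! Constructed example: interface names and all addresses are assumptions.
!   inside  = 10.1.0.0/16      (head-office LAN)
!   dmz     = 192.168.50.0/24  (web server real address 192.168.50.10)
!   outside = web server public address 203.0.113.10 (documentation range)

! Internet users: publish the DMZ server on its public address.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255

! Head-office LAN users: present the same server on the same public
! address towards the inside interface, so a hosts-file entry that
! points at 203.0.113.10 still reaches the server from the LAN.
static (dmz,inside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255

! Let LAN clients open connections into the DMZ (PAT to the DMZ interface).
nat (inside) 1 10.1.0.0 255.255.0.0
global (dmz) 1 interface

! Inbound policy: only web traffic to the published address is permitted
! from the Internet; everything else is dropped by the implicit deny.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
```

After a test connection from each side, `show xlate` should list the static translation for the server, and `show access-list outside_in` shows hit counts on the two permit lines.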