Solved

Web server hosting the port 80 redirection cannot access itself

Posted on 2007-12-05
Last Modified: 2010-04-09
Port 80 on the external address of our Pix 501 (68.179.x.y) is redirected to our internal Web Server at IP address 10.200.6.25. Everyone can access the web site properly, internal as well as external clients, except from the Web server itself. If I go to address 68.179.x.y in IE from the web server itself, I get "Page Cannot be displayed".

Is this normal Cisco Pix behaviour, preventing a redirected host from accessing itself via the external interface, or is it a misconfiguration on our part?
Question by:ndidomenico

Accepted Solution

by: nodisco earned 500 total points
ID: 20415078
No, it's quite normal. The PIX won't let traffic go back in the interface it originates from - the originating traffic is going out the PIX outside IP, as that's where the address is, but needs to come back in as it's port-forwarded internally.

It won't work.

If you want a quick workaround - put a DNS A record for the URL name - e.g. www.mycompany.com to the 10.200.6.25 address on your DNS server - or even just create an entry for this in the hosts file.

Author Comment

by:ndidomenico
ID: 20419264
What is the security or technical reason for the Pix to block this form of out/in traffic? This Pix is replacing a low-end Linksys router which was not blocking this sort of traffic.

For the workaround, I'm afraid it won't work in this case. Displaying the web page we need is done by first going to another web page on the Internet, which has a link that brings us to our web page, except that the link on that site is using an IP address (the external IP of the Pix) instead of a URL name. Can we get around this without having to modify this external web page?
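
A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original posts and is not PIX code: it shows why the redirection works for outside clients, why the web server's own request is dropped, and why the hosts-file workaround does not help when the link uses an IP literal. The address 203.0.113.10 is a placeholder for the masked 68.179.x.y, the 10.200.6.0/24 subnet is an assumption, and all function names are hypothetical.

```python
import ipaddress

# Constructed values: 203.0.113.10 stands in for the masked 68.179.x.y, and
# 10.200.6.0/24 is an assumed inside subnet. All names here are hypothetical.
OUTSIDE_IP = "203.0.113.10"
WEB_SERVER = "10.200.6.25"
INSIDE_NET = ipaddress.ip_network("10.200.6.0/24")
# The redirection only matches packets that arrive on the outside interface.
STATIC_PAT = {("outside", OUTSIDE_IP, 80): (WEB_SERVER, 80)}
PUBLIC_DNS = {"www.mycompany.com": OUTSIDE_IP}
HOSTS_FILE = {"www.mycompany.com": WEB_SERVER}  # the suggested workaround


def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE_NET


def resolve(target, hosts=None):
    """Resolve a URL host: IP literals skip DNS and the hosts file entirely."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        return (hosts or {}).get(target) or PUBLIC_DNS[target]


def deliver(src, dst, dport=80):
    """Return what happens to a connection from src to dst:dport."""
    if is_inside(src) and is_inside(dst):
        return "direct"  # same LAN, the firewall never sees the packet
    ingress = "inside" if is_inside(src) else "outside"
    real = STATIC_PAT.get((ingress, dst, dport))
    if real:
        return "forward to %s:%d" % real
    if ingress == "inside" and dst == OUTSIDE_IP:
        # Reaching the server would mean sending the packet back out of
        # the interface it arrived on, which this model refuses.
        return "drop"
    return "forward to outside" if ingress == "inside" else "drop"


if __name__ == "__main__":
    for label, src, target, hosts in [
        ("external client", "198.51.100.7", "www.mycompany.com", None),
        ("web server, public DNS", WEB_SERVER, "www.mycompany.com", None),
        ("web server, hosts entry", WEB_SERVER, "www.mycompany.com", HOSTS_FILE),
        ("web server, IP-literal link", WEB_SERVER, OUTSIDE_IP, HOSTS_FILE),
    ]:
        print(label, "->", deliver(src, resolve(target, hosts)))
```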