Solved

Newly installed Cisco PIX506E cannot connect to internal web site via www usage

Posted on 2008-06-13
5
247 Views
Last Modified: 2010-04-12
I recently installed a new PIX506E 6.3. Internet and VPN access are working.

We have an SSL web site that we host internally. We used to be able to access this
web site internally via www.website.com, until I setup the new PIX. Internet users can access it via www.website.com without incident as usual.

The only way we can currently access the web site internally now is by using the server name. I looked over the previous PIX config, and I have the new config matching almost idenical, with a couple of minor excepions.

One exception is we no longer allow another company to have access to our private network, so that portion was removed from the config. The other item that is not in the current config is noted below.

rip inside passive version 1
rip inside default version 1

When we were running the other PIX, we could access the internal web site just as internet users would, so I don't want to look at using the hosts file. What changed that I can't access the internal web site by typing www.website.com? As I mentioned above, internet users can access it just fine. Nothing in DNS was changed (worked fine on previous Cisco PIX506).

Any thoughts?

Thank you.
JS
0
Comment
Question by:jsop
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:clearacid
Comment Utility
Could you clarify if you are trying to access an internal webserver from inside or outside the network?

If from inside could you access the server by IP?  http://1.2.3.4 (no www).?
0
 
LVL 6

Expert Comment

by:clearacid
Comment Utility
RIP is a routing protocol - maybe your internal web server is on a different network that your new pix506 doesn't know about because you removed the rip statements.  
0
 

Author Comment

by:jsop
Comment Utility
Thanks for the reply. The web site that I am trying to connect to is hosted on one of our internal servers. I can access it by http://servername. We never could access it via http://1.2.3.4. Trying to access it via www used to work with our old PIX506, but now with the PIX506E, www does not work for us internally. Internet users can access as usual.

I reimplemented the rip inside passive version 1, and default version 1. No difference yet.
0
 

Author Comment

by:jsop
Comment Utility
Still no resolution.
0
 

Accepted Solution

by:
jsop earned 0 total points
Comment Utility
The issue has been resolved. I ended up implementing a hosts file. We did not use one with the Old PIX506, but it was the only way I could get access to the server as we once had.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now