rkanabus
asked on
Problem with accessing web server using public IP address from inside of the network
Hi, I have a problem regarding the configuration of a Cisco ASA 5505 security device.
The case is as follows. There is a web server inside the office. I created a rule for port 80 to allow traffic from outside to inside and created a static NAT rule to point to the internal IP address of the web server from outside. It works fine. People from outside the office can access the web server by domain name or public IP address.
The problem starts when someone from inside the company wants to access the web server. The server is not accessible either by public IP address or by domain name.
I checked the traceroute and it gets stuck at the firewall, the Cisco ASA 5505. It seems that I cannot connect from inside to outside and back to inside.
Can anyone help with that?
Thank you for your help.
ASKER
Thank you for your answer.
I think the first or last option is the best, since the office is quite big and changing the hosts file on each PC will be very time-consuming.
Do you know how to change the DNS settings on the internal server? It is Windows Server 2008.
For the last one, why is it not the recommended solution? It sounds good and simple.
ASKER
OK, so I will play around with the DNS settings then.
Thank you for the answer.
SOLUTION
I would almost suggest ignoring the DNS hack and going for a full solution, but I am yet to get one of these to work on a Cisco router.
The problem with the DNS hack that I have is around an iPhone being used internally on a wireless network, where the iPhone will drop the Wi-Fi connection and then cache the external DNS record. When connected to the internal network it still attempts to use the external address because it is cached. It really isn't a solution from my point of view.
ASKER
Thank you for your help. I will spend some time tonight trying to fix the ASA as pgolding00 proposed and will be back with comments.
ASKER
Hi, I tried to do something with the Cisco ASA, but I have version 7.x.x and it did not work.
I decided to change the internal DNS to solve the issue and now it works perfectly.
To change the DNS settings I had to add a new forward lookup zone with the name of the domain, e.g. www.website.com, and then add a new HOST A record (left the name blank) with the IP address of the local server.
It did the trick and it works fine for me.
Thank you for your help.
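A command-line equivalent of the DNS change described in the post above, as an added example that is not part of the original thread. It assumes the dnscmd tool on the Windows Server 2008 DNS server; www.website.com is the example name from the post and 192.168.1.10 is a placeholder for the web server's internal address.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumptions: run from an elevated prompt on the internal DNS server.
rem ZONE is the example name used in the post; WEB_IP is a placeholder.
set ZONE=www.website.com
set WEB_IP=192.168.1.10

rem Create a forward lookup zone named after the single host name only.
rem A zone for the whole domain (website.com) would make this server
rem authoritative for every name in it, so any record not copied in
rem (mail, other hosts) would stop resolving for internal clients.
dnscmd . /ZoneAdd %ZONE% /Primary /file %ZONE%.dns

rem "@" is the zone root: the same as leaving the host name blank in the GUI.
dnscmd . /RecordAdd %ZONE% @ A %WEB_IP%

rem Confirm the record exists and that this server now answers with the
rem internal address instead of the public one.
dnscmd . /EnumRecords %ZONE% @
nslookup %ZONE% 127.0.0.1

rem On a client that already looked the name up, clear the cached public
rem answer before testing:  ipconfig /flushdns
```

Clients only see the internal address if they use this server as their resolver, so check the DNS server handed out by DHCP on every internal network, wireless included.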
ASKER
Thank you for your comments. I will try to solve the issue with the ASA, but in the meantime I am using a temporary solution with the DNS trick.
First off, you can fix this by setting the internal DNS to point to the internal server IP.
Secondly, if you don't have an internal DNS, and you have a small operation, you can accomplish the same by changing the HOST file (C:\Windows\System32\Drive
The most complex answer: you will need to create/modify the NAT rule to allow the internal interface to talk to the external IP (example: static (inside,inside) public_ip private_ip netmask 255.255.255.255). This is not the recommended solution though; if possible, choose one of the first two solutions.